Forgot your password?

Choose a newsletter

Premium access provided by ENSTA

Your premium access provided by ENSTA

Enter your email to begin

Premium access granted to you by Expatica

You've been given FREE premium access to Worldcrunch

Enter your email to begin


WhatsApp: Popular Free Messaging Service Puts Users At Risk

Article illustrative image Partner logo Is someone about to hack your smartphone?

For months, free smartphone instant messaging service WhatsApp has been topping the download charts. It is a favorite application for both iPhone and Android users. To the annoyance of cell phone providers, WhatsApp has become a kind of quasi replacement for the old fee-based SMS. According to WhatsApp developers, their servers handle over 10 billion messages per day.

However the service, which is run by small San Francisco start-up WhatsApp Inc., is neither as secure nor as failure-resistant as one would expect from a market leader. In his blog British web developer Sam Granger writes that any relatively ambitious hacker could get into WhatsApp accounts without a problem, either to intercept messages or send messages from their victim’s account.

This is because WhatsApp is set up to make the service friendly to new users who don’t have to provide their own combination of user name and password – they just use the existing info relating to their phone as login data. Telephone numbers are simply and clearly the basis for user names, and WhatsApp passwords -- at least on Android phones -- are clearly based on a phone’s IMEI serial number.

Granger discovered that to generate a password out of the IMEI number the app just changes the order of the digits – “your password is likely to be an inverse of your phones IMEI number with an MD5 cryptographic hash thrown on top of it.” What that means is that anybody who knows a phone’s IMEI number can figure out the password.

Many apps use IMEI numbers to identify phones, and any installed program can access that information and pass it on to an external database. In the event that what happened to iPhone this week (a hacker group released one million Apple UDIDs) happens to WhatsApp, and a database generated from the phone serial numbers were to be made public, WhatsApp user accounts would be compromised and become targets for spammers. Not that hackers have lost any time -- on gray market sites, databases of Android phone serial numbers and corresponding cell phone numbers are sold under the keyword WhatsApp.

WhatsApp has been criticized many times for its security loopholes. Until recently the app carried unencrypted messages through the net, and a simple program made it possible for them to be accessed from a Wi-Fi network. The app also stores message history unencrypted on the SD memory card of Android phones.

Another issue is that WhatsApp can be completely cut off from the mobile phone network. As this article goes to print, T-Mobile users cannot access WhatsApp after a T-Mobile update blocked the relevant network port. T-Mobile says this was accidental and service would be resumed as fast as possible.

Sign up for our weekly Global Biz & Innovation newsletter now

Be a part of the conversation. Click to show comments
About this article source Website:

Die Welt (“The World”) is a German daily founded in Hamburg in 1946, and currently owned by the Axel Springer AG company, Europe's largest publishing house. Now based in Berlin, Die Welt is sold in more than 130 countries. A Sunday edition called Welt am Sonntag has been published since 1948.

Worldcrunch brings top stories from the world's best news sources into English for the first time.

- Find out how we work
- Stay connected with our newsletter
- Try premium access for just $0.99

Want to get in touch or report a bug? Find us at

Load More Stories

Unlimited access to exclusive journalism, the best world news source across all your devices

Subscribe Now Photo of Worldcrunch on different devices

Your premium access to Worldcrunch is provided by

University of Central Lancashire

Please register to begin

By registering you agree to our terms of service and privacy policy.