IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [whatsapp]

Whatsapp is a proprietary instant messaging client for smartphones

150 questions
18
votes
1 answer

How would one verify that the public key from WhatsApp's servers belongs to the person I expect it to?

WhatsApp had recently announced end-to-end encryption on all communications. While that's an impressive move, I still have a big open question mark. The articles and this white paper suggest that the public key, upon generation, gets stored on the…
Madara's Ghost
  • 349
  • 1
  • 10
12
votes
4 answers

How To Recover End-To-End Encrypted Data After Losing Private Key?

I'm creating a mobile app which has chat feature in it. Since I wanted to make it secure, I'll do some encryption to messages and the data. I'm thinking of using End-To-End encryption for it but I've got some issues. Each user will have private and…
Eagleclaw
  • 247
  • 2
  • 5
10
votes
3 answers

Does WhatsApp disclose the sender's IP address?

Does WhatsApp disclose the sender's IP address? Is it possible to get it by running netstat -a or via Wireshark?
user69377
10
votes
1 answer

How can faulty version of an iOS app (such as WhatsApp) expose the whole device to crashes or take-over

There was a lot of recent, prominent news about a security vulnerability in WhatsApp that affects also iOS versions of the app. The volnerability has been described as carrying the risk of an attacker crashing the device (e.g. mentioned in the…
rookie099
  • 213
  • 1
  • 6
10
votes
1 answer

How can WhatsApp recover messages sent to a damaged phone?

My mom has an Android phone that fell in the water for a couple of seconds, around 16:30. She managed to disassemble the phone and turn it off. We both share a group that is end-to-end encrypted (all participants have new WhatsApp versions). The…
Henrique Jung
  • 307
  • 1
  • 9
10
votes
1 answer

Why is whatsapp Inc. still caching user data even after introducing the end to end encryption?

Last week Whatsapp introduced the end to end encryption to prevent man in the middle intercept/attack. The company claims that the data such as text, call, video, images and documents are stored nowhere in their server, only the concerned devices…
Ganesh Rathinavel
  • 201
  • 1
  • 6
9
votes
3 answers

How can application like Whatsdog detect user online status from Whatsapp?

Whatsdog detects whether your victim is online or not. What are they doing in the background? We know that Whatsapp does not provide any API or SDK for this, so how can anyone monitor this type of sensitive activity?
Tejas Pandya
  • 143
  • 1
  • 1
  • 10
8
votes
2 answers

Found an application (Whatsapp) initiating UPnP requests, is it something that I should worry about?

I have logged in into my router using the web interface. I was checking UPnP forwarding (which is enabled by default), and found out that whatsapp is initiating a UPnP request on port 65072. Is there a way that I can understand, why and how…
Hadev
  • 81
  • 1
  • 1
  • 2
8
votes
5 answers

Given properly implemented end-to-end encryption with no backdoors, can whatsapp comply to hand over customer messages?

According to The Telegraph, a member of the British government is calling on WhatsApp to release the messages sent by the terrorist that committed the attack on London on March 22, 2017. It's lead me to wonder, does WhatsApp, barring any…
Magisch
  • 293
  • 2
  • 9
8
votes
1 answer

Attack vector for exploiting WhatsApp's retransmission "vulnerability"?

A few days ago, an old "vulnerability" of WhatsApp re-appeared in the media. The Guardian published this article calling the vulnerability a "backdoor". The article cites these findings of Tobias Boelter, a security researcher at UC Berkley. The…
KlaasNotFound
  • 183
  • 5
7
votes
1 answer

Does WhatsApp's link preview on the link messages leak information?

When we want to send a message that contains only a link - such as a question from the Stack Exchange network - WhatsApp displays information from the website as below: Does this leak information about what was sent, and from who, and to whom? We…
kelalaka
  • 5,409
  • 4
  • 24
  • 47
7
votes
4 answers

Why does WhatsApp not encrypt Google Drive backups?

WhatsApp has end-to-end encryption, promising privacy to users. However, it becomes useless if backups to Google Drive are unencrypted. Our supposedly private data goes to the control of Google. No problem, I can disable the backup. But, what about…
Nuno
  • 215
  • 2
  • 7
7
votes
2 answers

What's safest way to run WhatsApp?

For work I have to use WhatsApp. I agree with EFFs concerns about WhatsApp and personal data (harvesting it and shoveling it into Facebook), and perhaps even its security. I thought it would be possible to run WhatsApp on my PC in a sandboxed…
Absurdistan
  • 145
  • 2
  • 6
7
votes
2 answers

How does the WhatsApp chat history recovery work together with their encryption mechanism?

As WhatsApp states: every time a user installs or updates the app, a new key pair would be generated on the user's device. So I assume that the chat history on iCloud which was encrypted by the old public key should not be decrypted and…
fans3210
  • 71
  • 1
  • 3
7
votes
1 answer

Can mobile network operators read WhatsApp metadata?

After turning on end-to-end encryption for WhatsApp is it possible for the network operators to read the metadata of the messages being exchanged? I see here (in Transport security) that metadata is also protected. Can someone shed more light on…
user106624
  • 71
  • 2
1
2
3
9 10