
Monday, 17 March 2014

Latest Android Crypto Exploit Allows Attacker to Read WhatsApp, Facebook, Instagram Chat Database


Bad programming practices leave WhatsApp's chat backup database open to attack by Android malware.

Bas Bosschert, a self-billed "consultant / sysadmin / business," has performed a proof-of-concept exploit that shows how the database WhatsApp uses to store messages locally can be accessed through the local file system and read by any other Android application.

Bosschert's proof of concept involved creating an Android application that silently steals a copy of the SQLite database used by WhatsApp. He then moved the results to a remote web server for further work.

A key aspect of the exploit, and a possible mitigating factor: it only accesses copies of the database that the program's own backup function has placed on the phone's SD card. Because the database backup is stored there, it is accessible to any application that can read the SD card. The Android developer docs say in no uncertain terms that storing data on an external card is inherently unsafe.

To that end, WhatsApp's backup database is encrypted, but Bosschert's exploit works around this. The encryption is nothing special: for one, the same AES key was used to encrypt every WhatsApp user's database. (Bosschert provided a simple Python script to perform the decryption.)

What is doubly ironic is how easily the biggest WhatsApp weaknesses exposed by Bosschert are solved with good programming practices. Android has introduced features to enhance security, including for external storage, but supporting many of them means the app may not be available to all users, and unfortunately wide compatibility seems to be what WhatsApp aims for with this app.

WhatsApp has been nailed for insecure programming practices for the first time. The main mistake was committed.
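
The difference between one key shared by every install and a key scoped to a single install can be shown in a few lines. This is an added example, not Bosschert's script or WhatsApp's code; the key values, `per_install_key` and the sample data are constructed, and an HMAC-SHA256 keystream stands in for AES so that it runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    # Stand-in for AES (not in the stdlib): HMAC-SHA256 in counter mode.
    blocks = (n + 31) // 32
    return b"".join(_sub(key, nonce + i.to_bytes(8, "big")) for i in range(blocks))[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC a backup; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_sub(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + ct + _sub(_sub(key, b"mac"), nonce + ct)

def unseal(key, blob):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _sub(_sub(key, b"mac"), nonce + ct)):
        return None
    stream = _keystream(_sub(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

# Constructed placeholder for a key compiled into every copy of an app.
SHARED_APP_KEY = hashlib.sha256(b"constructed-demo-key").digest()

def per_install_key(install_secret, account_id):
    # install_secret: random bytes kept in app-private storage, never on the SD card.
    return _sub(install_secret, b"backup-v1|" + account_id.encode())

def compare_key_scopes():
    db = b"constructed chat rows"                 # constructed sample data
    secret = os.urandom(32)                       # exists only on the owner's install
    weak = seal(SHARED_APP_KEY, db)               # backup under the app-wide key
    strong = seal(per_install_key(secret, "alice"), db)
    return {
        # Another app holds both files plus everything that ships in the APK.
        "other_app_reads_shared_key_backup": unseal(SHARED_APP_KEY, weak) == db,
        "other_app_reads_per_install_backup": unseal(SHARED_APP_KEY, strong) is not None,
        "owner_restores_per_install_backup": unseal(per_install_key(secret, "alice"), strong) == db,
    }

if __name__ == "__main__":
    print(compare_key_scopes())
```

A per-install secret has to be recoverable by its owner for a restore onto a new phone; how that is done is outside this sketch.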

In principle, apps that surreptitiously steal from other applications are banned from the Google Store, but such programs can be difficult to police. It thus falls on the Android community: sometimes monitoring by users is the only way to bring these matters to light.

Cryptography is hard to do well, and it is all too difficult to implement properly for an application with as wide a user base as WhatsApp. That WhatsApp's data can not only be siphoned off but also decrypted ought to serve as an important warning.

View the original article here
