WhatsApp, the mobile messaging app developer that Facebook is acquiring for $19 billion, may be an attractive addition to the social network, thanks to WhatsApp’s 450 million active users and en vogue status. It may also be attractive to government spies and criminal hackers, thanks to several weaknesses in the encryption WhatsApp uses to protect messages from eavesdropping, researchers say.
Among the most serious problems with WhatsApp’s implementation of secure sockets layer (SSL) encryption is its support of version 2 of the protocol, according to a blog post published Thursday by a researcher from security consultancy Praetorian. That version is susceptible to several well-known attacks that allow people monitoring a connection between the two end points to decipher and in some cases manipulate the traffic as it passes through.