- 01-22-13, 05:53 PM #51--------------------------------
"There's a lot of punditry out there. If it was so easy to create a $20 billion company, everyone would do it." - Jim Balsillie
- CrackBerry Genius
01-22-13, 06:11 PM #52
- 2,635 Posts
It's getting so hard to just have a normal discussion because it's always either super fanbois or trolls ruining it. LOL there's no need to come into a thread about a app u care nothing about and then rip on people that want/use it. It's childish. We're all on the same team yet I know plenty of people who avoid crackberry and it's forums due to trolls of both kinds. Why would any downplay the importance of a major app???Yes I am black...and yes I LOVE grape Kool Aid. I can't blame u for judging me
- Durrell pin:2B7B5318
- 01-22-13, 07:45 PM #53
Damn this is actually a huge issue for me, I use WhatsApp to keep in touch with 4 really close friends (2 iPhones and 2 Androids) and we have an all day chat going which is one of my main sources of entertainment, if there's no WhatsApp I'm seriously gonna have to consider not going BB10.
EDIT: Looks like on the Dev kits people were able to side load it and work fine. If that's the case then no biggie, just gonna have to wait to make sure it's a viable solution.
- CrackBerry Genius
01-23-13, 04:30 AM #55
- 3,639 Posts
- 01-23-13, 05:12 AM #57
- 01-23-13, 05:41 AM #59
"Tests performed by The*H's associates at heise Security have found that popular texting alternative WhatsApp is easily hacked using freely available tools. Anyone using WhatsApp on a public Wi-Fi network risks having their data sniffed and their account used to send and receive messages. Once hacked, there is no way to restore account security – attackers will be able to continue to use the hacked account at their discretion.
Over the last week the lack of security inherent in WhatsApp's authentication has gradually become clear. Researchers have discovered that the client uses an internally generated password to log on to the server; this password is generated on Android devices from the device's serial number (IMEI) and on iOS devices from the MAC address of the Wi-Fi interface. The problem with this is that the information is anything other than secret – the IMEI can often be found on stickers inside of Android phones (usually under the battery) and can also be obtained using a shortcut key combination or by any app.
Sniffing this data is even easier when it comes to devices running iOS – the MAC address is visible to anyone within range of the Wi-Fi network being used. If this is a public Wi-Fi network, in a busy coffee shop, for example, data sniffers can even determine the user's phone number from the data packet transmitted by WhatsApp. Taking over the account is child's play – attackers don't even need to know who their victim is. The whole situation is even less understandable considering that there is already a shared secret between WhatsApp and the user in the form of a confirmation code sent by text message when the user first registers.
In tests, heise*Security found that, with the help of WhatsAPI, the PHP-based WhatsApp API, it was possible to take over both Android and iOS WhatsApp user accounts. And doing so was shockingly easy. All attackers have to do is to enter the phone number and MAC address or IMEI into a script and they are then able to send whatever messages they like from the compromised account. The sender is reported as the compromised user's phone number.
The script also offers a conversation mode which allowed heise*Security to both send and receive messages. Sent messages are not visible on the account owner's phone and, as long as the script is running, neither are the responses received.
The experiment shows that, as things stand, WhatsApp should be used with caution. To avoid making it easy for data sniffers, iPhone users should refrain from using it on public networks. There appears, however, to be no way of preventing people immediately around you, such as workmates, from taking over your account, as obtaining your phone number and IMEI or MAC address is generally a simple matter.
Once an account has been compromised, there is no remedy – there is currently no way of changing your password and thereby blocking the attacker. WhatsApp now needs to step up to the plate and start protecting its users.
There are also indications that WhatsApp may have been equally lax in designing the algorithm it uses to generate keys for encrypting messages. An anonymous, so far unconfirmed, report claims that, at least for the iOS version of the app, the key is easily determined."
- 01-23-13, 06:28 AM #60
Re: Just a though about whatsapp !!
I have a concern with bbm too, in that the messages are in plain text at some point between transmission and reception, if it were being designed for more true security the message should not exist in plain text at any point from transmission to reception (including presence on RIM's servers- it should not be possible for rim to negotiate any deal with any government allowing access to messages because the crypto system should make that impossible).
Whatsapp admittedly is on a whole different level of insecure though.
Sent from my Nexus 7 using Tapatalk 2
- 01-23-13, 06:43 AM #61
- 01-23-13, 07:56 AM #62
Again, your article is nearly 6 months old. Perhaps this issue has been rectified already. As well, with the large number of Whatsapp users, has there ever been any documented case of this happening? Probably not,as it's much easier to just punch someone in the face and take their phone while in use to do whatever it is you want, than it is to sit in some coffee shop waiting for someone's account to hack.
"Hard work spotlights the character of people: some turn up their sleeves, some turn up their noses, and some don't turn up at all." -Sam Ewing
Rollin' on Twitter
- 01-23-13, 08:32 AM #64
It's a vulnerability.
It boils down to judicious use.....I don't use public, unsecured, WiFi. I'm either at home on my secure network, on secure networks for which I have a code, or on the AT&T network.
I don't use unsecured WiFi for *anything* on *any* device, except for twice, back in 2011, when initially downloading an update to my very first Android, my Atrix, and when first setting up my Nook, at the Barnes and Noble store. Once I had my initial information set up, I used my secure home Wifi.
- 01-23-13, 08:37 AM #65
I hope Viki doesn't mind my accent so much.....
- 01-23-13, 09:05 AM #67
Re: Just a though about whatsapp !!
Wasn't aware that common sense was exclusive to BB users.
Frankly all things considered, I find the BB pin to be far more insecure to give out than the telephone number. I can change my TN of necessary. Pin not so much.
Of course, I'm the weirdo who texts. I didn't BBM on any of my BBs and I don't WhatsApp.
A BB can be just as insecure if the user is an *****.
I had to get the red SGS3...garnet is my birthstone! Excuses sent via Tapatalk 2
- 01-23-13, 09:15 AM #68
- 01-23-13, 09:31 AM #69
Re: Just a though about whatsapp !!
User responsibility is key, and there are plenty of warnings in the media, news stories, articles, special interest reports, and education through work all related to what to do and not what to do on the internet to avoid phishing scams, safe browsing, safe Wi-Fi use, etc.
And I think you're right, the PIN cannot be changed.
***Edit: confirmation that PINs cannot be changed.
Any device on any platform can be made vulnerable through improper use, no platform is impenetrable. Much to the chagrin of those who would have you believe that a BB will always and forever through any and ask circumstances be made absolutely completely safe. It's safer than anything else, but it's absolutely not impenetrable.
Sent from my SEXY HOT RED SGIII using Tapatalk 2
Last edited by qbnkelt; 01-23-13 at 10:44 AM.
- 01-23-13, 10:14 AM #71
To illustrate my point, here are vulnerabilities catalogued through NIST.
Of course, it goes without saying, that there are many many more risks in Android and iOS.
However.....the greatest risk arises out of complacency through a misguided and incorrect assumption of impenetrability.
National Vulnerability Database (NVD) Search Vulnerabilities
- 01-23-13, 10:30 AM #73
- 01-23-13, 10:57 AM #74
Ah!!!! Amazing how you understood what I was talking about.
And I stand by my statement. Hypocrisy. Just chose to let the comments go....
Can't wait to hear how consuming media on a big screen is JUST AMAZING.....and how quickly it changes from all the other "but those Android devices are SO BIG and WHO NEEDS a device that B I G because you can't use them on one hand and they don't fit in your pocket and you look silly holding it to your ear comments".....especially so when the Aristo comes out.....
Frankly, I'm on my way to a Note 3. L-O-V-E my B I G SGIII screen. Will love my bigger BB screen, the 9860 ended up being too small for me. Even the 4S feels cramped now.
- By gtpx02 in forum Storm OS DiscussionReplies: 30Last Post: 04-03-09, 06:57 AM
- By onlyonepost in forum Storm OS DiscussionReplies: 149Last Post: 03-08-09, 06:46 AM
- By zoi in forum T-MobileReplies: 7Last Post: 01-15-09, 05:09 PM
- By zaydaboss in forum BlackBerry 8830 WEReplies: 9Last Post: 06-25-08, 02:41 PM
- By btownsoccerstud in forum BlackBerry Curve 83xxReplies: 3Last Post: 03-17-08, 10:32 AM