Slashdot Mirror

← Back to Stories (view on slashdot.org)

WhatsApp Is Using IMEI Numbers As Passwords

Posted by Soulskill on from the security-through-handwavery dept.

mpol writes "In the past, WhatsApp has been criticized over their insecure use of XMPP. Recently, new versions of their app have incorporated encryption. It seems the trouble isn't over yet for WhatsApp and its users. Sam Granger writes on his blog that WhatsApp is using IMEI numbers as passwords. This is at least the case with the Android app, but other platforms are probably using similar methods. Since someone's IMEI number is easily readable, this isn't really secret information that should be used for authentication."

2 of 102 comments (clear)

  1. Re:Seriously? by MrHanky · · Score: 2, Informative

    Meh. It's a proprietary extension to a free protocol, with lock-in included. Fuck them.

  2. Re:Seriously? by kylegordon · · Score: 5, Informative

    There's no need for responsible disclosure when it's been around for months on Github.

    Just check https://github.com/venomous0x/WhatsAPI/blob/63639eafc9a08fd308df72458f1381ec8899940d/README.md and you'll see.