WhatsApp Threatens Developers of PC Gateway With Legal Action

← Back to Stories (view on slashdot.org)

WhatsApp Threatens Developers of PC Gateway With Legal Action

Posted by timothy on Wednesday September 26, 2012 @08:03AM from the could-ruin-your-whole-day-in-some-countries dept.

An anonymous reader writes "In an apparent reaction to the security vulnerabilities demonstrated by The H's associates at heise Security, the company behind WhatsApp Messenger is taking action against the developers of a library of functions for using the WhatsApp service via a PC. The developers have responded by removing the source code from the web. However, the popular texting alternative WhatsApp still has a major security problem. Attackers can compromise other users' accounts with relative ease, and send and receive messages from another user's account. Forked versions of the code are still available on Github."

8 of 27 comments (clear)

Min score:

Reason:

Sort:

I remember them! by TheSpoom · 2012-09-26 08:09 · Score: 5, Interesting

One of our clients wanted us to send notification messages over WhatsApp to end users, but they don't have an API and at the time, this third party library was not available. We told them we couldn't do it. Sounds like we avoided a shitstorm.

--
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
1. Re:I remember them! by TheSpoom · 2012-09-26 08:12 · Score: 5, Insightful
  
  Also, let's just all act like github isn't versioned. *whistles*
  
  --
  It's better to vote for what you want and not get it than to vote for what you don't want and get it.
  - E. Debs
Liability Assurance... by sinij · 2012-09-26 08:10 · Score: 5, Insightful

Sadly Information Security is now more about offloading liability and then seeking damages than actually delivering secure solutions.
1. Re:Liability Assurance... by idontgno · 2012-09-26 08:19 · Score: 4, Interesting
  
  From a business ("risk management") perspective, it often costs no more to offload liability or otherwise mitigate the impacts of a security event than to actively prevent the security event. In that case, is anyone surprised a business makes a business decision? If you ask the business, security features support the business and not the other way around, so business priorities always take precedence.
  And yeah, that means that if there's a breach, if you can decrease the overall cost of notification and settlement with the victims, letting the breach happen may be the more business-savvy choice.
  Sucks, but that's the profit motive for you.
  
  --
  Welcome to the Panopticon. Used to be a prison, now it's your home.
Bunch of crackpots by DMiax · 2012-09-26 08:52 · Score: 4, Interesting

Few developers make me so angry as WhatsApp's ones. They just took XMPP, made a couple of changes so that it does not work with normal clients, forgot about any kind of security and call it a day. Their biggest idea is using phone numbers as identifiers and marketing their app as an SMS replacement instead of an internet chat. Fuck them.
1. Re:Bunch of crackpots by Nerdfest · 2012-09-26 09:49 · Score: 4, Interesting
  
  Apple did the same thing.
2. Re:Bunch of crackpots by GameboyRMH · 2012-09-26 11:09 · Score: 4, Informative
  
  Yeah but with SIP instead of XMPP (FaceTime).
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
WhatsAPP spam comming by KarlH420 · 2012-09-26 09:14 · Score: 4, Insightful

If WhatsApp doesn't add more security, my prediction, is we will start to see WhatsApp spam. If you know phone number and it's IEMI you can fake the sender using the WhatsApp protocol. All it will take now is someone to acquire a database of IEMI's and the phone numbers before the spam can start flowing.