Pinterest Stumbleupon Whatsapp
Ads by Google

WhatsApp has gone from a newcomer on the messaging scene to the biggest name in the business, and with that increase in size has come a big jump in the number of people looking to take advantage of the app’s users. If you use WhatsApp, there are a lot of threats out there that you should know about – here are a few of the big ones.

Web Malware

Now that you can use WhatsApp via a web interface WhatsApp Web: Everything You Need To Know WhatsApp Web: Everything You Need To Know Along with supporting all mobile platforms, WhatsApp has now launched a web-based client, so you can finally use WhatsApp on your PC and sync with your phone. Read More , there are people out there distributing bad download links that look like real WhatsApp clients, but will saddle you with a bunch of malware. Kaspersky Labs found a number of these suspicious downloads in a variety of languages.

whatsapp-web

These sites collect information from downloaders and distribute malware. Kaspersky researchers found ones that add users to WhatsApp spam lists, some that come packaged with trojans, and some that distribute malware designed to get at banking information.

Fortunately, the solution to this problem is a simple one: make sure that you’re using the official URL. To use the web app, go to http://web.whatsapp.com/. You don’t need to download any apps or browser extensions – you only need to go to the correct page and sign in.

Crash Messages

A while ago, someone discovered that you could crash someone else’s instance of WhatsApp by sending a message over 7 MB in size. After receiving the message, WhatsApp will crash every time the user tries to open the thread, and the only way to regain control of the app is to delete the thread. It was recently discovered that the same thing could be done by sending a much smaller message – only 2 KB in size – that contains a set of special characters.

Ads by Google

Even if a message is backed up, restoring the conversation doesn’t solve the problem; it’ll still crash the app. This exploit works not just with messages to individuals, but also to groups, in which case every member of the group will experience the crash and need to leave the group and delete the thread. This might not sound like a big deal if you only use WhatsApp to organize rides to the bar, but many people use the app for business as well, which means this vulnerability could be a huge pain.

As of yet, there’s no way fix or defend against this exploit. Your best hope is that Facebook and WhatsApp quickly fix the problem before more people find out about it. Fortunately, however, this doesn’t seem to happen on every platform; so far, it’s only been seen on Android.

Bypassing Privacy Settings

Maikel Zweerink recently discovered that WhatsApp, even with the increased security that has been put in place recently, isn’t nearly as safe as we think it is. He showed proof that a simple app called WhatsSpy Public can monitor status messages, status changes, and user photos, as well as adjust security settings, even if the app’s owner has set the privacy options Everything You Need To Know About Your WhatsApp Privacy Settings Everything You Need To Know About Your WhatsApp Privacy Settings Read More to “nobody” (you can see a small sample of the sort of information that the app can pull below).

panel-whatsspy-track

Zweerink was experimenting with WhatsApp to create a bot, and was shocked when he found out how it could be used to track other users despite their privacy settings. He also wrote a detailed blog about the problems he discovered that is certainly worth a read. This is a particularly worrying development, even for an app that’s had a lot of worrying security problems recently.

As far as we know, there’s no way to protect against this, and we’ll just have to wait for the WhatsApp developers to find a way to fix it.

Spying on Other Users

WhatsApp recently debuted end-to-end encryption, making it much more secure than it’s been in the past. Despite this, however, there are still a few ways that other people can listen in on your conversations. There’s a piece of spy software The Dangers of iPhone Spy Software & How To Detect It The Dangers of iPhone Spy Software & How To Detect It Considering spying on an iPhone? Think you've got a compromised device? Here's what you need to know. Read More called mSpy, for example, that sends reports on calls, browsing, text messages, WhatsApp conversations, and more, back to the owner of the app. All they have to do is get the app onto your phone which just takes a few minutes.

mspy-features

Paying close attention to the apps that are installed on your phone will help you catch spyware like mSpy, but MAC spoofing is a more insidious and harder-to-detect method of listening in on WhatsApp conversations. A phone’s MAC address What Is a MAC Address & Can It Be Used To Secure Your Home Network? [MakeUseOf Explains] What Is a MAC Address & Can It Be Used To Secure Your Home Network? [MakeUseOf Explains] Network structure and management have their own lingo. Some of the terms thrown around will likely already sound familiar to you. Ethernet and Wi-Fi are largely self-obvious concepts, although it may require a little bit... Read More is a unique identifier, and WhatsApp uses this address to route messages. By temporarily assigning someone else’s MAC address to your phone, you can intercept their WhatsApp messages (though they also get sent the intended recipient).

The best way to make sure that your messages aren’t being intercepted in this way is to not give anyone who you don’t trust access to your phone. It doesn’t take long to get the MAC address for a phone, and once you have it, it’s easy to spoof it from another phone. Detecting and preventing MAC spoofing isn’t easy, so not giving anyone the chance to do it in the first place is your best bet.

Should You Get Rid of WhatsApp?

WhatsApp is a great messenger app, but between Facebook’s ownership of it and the ever-increasing number of security worries, it’s looking like it might be a safer idea to use a more secure messaging app Forget WhatsApp: 6 Secure Communication Apps You've Probably Never Heard Of Forget WhatsApp: 6 Secure Communication Apps You've Probably Never Heard Of The Electronic Frontier Foundation (EFF) is a lobby group dedicated to "defending civil liberties in the digital world". They maintain the Secure Messaging Scorecard, which makes for worrying reading for fans of instant messaging. Read More , like Telegram, a very popular alternative Telegram Provides A Secure & Fast-Growing Alternative To WhatsApp Telegram Provides A Secure & Fast-Growing Alternative To WhatsApp Read More . While most users won’t find that they get taken advantage of because they’re using WhatsApp, the worry will always be there. And now that WhatsApp has been identified as a high-priority target for hackers, it might not be worth the risk.

Do you still use WhatsApp? Are you worried about the security vulnerabilities that have shown up over the past few years? Share your thoughts below!

  1. Lior
    November 4, 2016 at 11:06 am

    Hi,
    I have a phone only for a personal use.
    I install on it whatsapp, and moved all of my contacts to it.
    I know that whatsapp, when granted permission to the contacts, start to send all of them messages.

    Is there a way to prevent from it to happen and still give the permission to the contacts ?,

    Thanks !

    • Dann Albright
      November 12, 2016 at 10:58 pm

      It shouldn't be sending any messages to people without your permission. Are you sure you didn't hit a button to invite people to use it? If not, that sounds like a malfunction or potentially a hack. Reinstall it and see what happens.

  2. Piku
    October 24, 2016 at 5:59 pm

    Hi dan, ur post is really informative..but my question is still unanswerable. I use gb whatsapp in which i have the feature to freeze my last seen. Few days ago my last seen was freezed but in my friends phn my last seen was the real time. Next day i realized that my whasapp is hacked. I uninstalled my whatsapp and after that it was okkk. I also deleted it for few hours as well. But havnt noted any suspicion. But today when i was in whatsapp call with my dad i heard some background noices that was unfamiliar to me and dad as well. I want to know is my whatsapp still hacked and how to protect me. Few days ago my friend took my phone for few minitues. Is it possible that he has taken my mac address. If my whatsapp is still hacked how could i track the hacker. Should i stop using it. Plz reply asap. Thanks in advance

    • Dann Albright
      October 26, 2016 at 9:35 pm

      Hm, that does sound a bit suspicious. I'd stop using it. If you absolutely need to use it, maybe a backup, wipe, and restore of your phone before reinstalling it would help.

  3. Brij kumar
    September 27, 2016 at 3:11 am

    What about Rapid_Share app in Google play? It does not require any intermediate server.

    • Dann Albright
      October 19, 2016 at 11:00 pm

      Is it another messaging client? I'm not familiar with it.

  4. Tel Ganeson
    August 29, 2016 at 4:39 pm

    My ex wife and I have been texting on Whatsapp behind all my girlfriends about how to take money from them. Can anyone see those messages? I am panicking.

  5. Shady
    August 23, 2016 at 3:02 pm

    Apple and Facebook have had concerted efforts to persecute certain individuals whom promote free speech on digital systems. Android isn't any better but the fact still raises eyebrows at the acquisition of the Whatsapp Business. Apple released all icloud emails and facebook released messages with other entities and gave over the forensic internet life of individuals. Your ISP doesn't respect you and intends to make a cash cow off of users. Secure messaging will take off and beg greater responsibility and trust on the users.

    • Dann Albright
      August 31, 2016 at 6:40 pm

      I'm not sure I totally understand your comment . . . when did Apple and Facebook work together to persecute digital free speech proponents? Do you have some examples? Also, what do you mean "Apple released all icloud emails"?

  6. Natalie Howard
    August 17, 2016 at 10:44 am

    Does whatsapp link to gmail? I added a good looking Hungarian man to my whasapp and a few hours later my gmail reported an attempted hack from Budapest. How do I delete my details from his whatsapp?

    • Dann Albright
      August 21, 2016 at 3:56 pm

      As far as I'm aware, there's no link between WhatsApp and Gmail; certainly none that I've never heard of, anyway. How did you get the report of the attempted hack? I'm not sure you can delete your details from his copy of the app, but you might be able to block him, which is probably the next best thing.

  7. Angelique
    July 20, 2016 at 5:37 pm

    I think whatsapp is texting me somehow using my boss's phone number! i get a text from "my boss" requesting to communicate via whatsapp. i said i dont have the memory space (i have a shitty defected android) to which she immediately replied lol.... my boss 1. Never replies immediately and 2. would never just send "lol". i got two more texts from my boss's number suggesting i use google to store my photos to free up enough space to get the app, to which i explained even if i didnt have photos my phone would continue to say it was full (which is true). i never got a reply after this. now i'm upset because i was actually expecting an important text from my boss, and instead i got this wierd conversation and never actually got the information i needed. when i asked her to send me the information she still never replied (which is what she usually does to me anyway) but still.. why would she have a conversation about whatsapp and not send me the vital information she was SUPPOSED to??? i think she may have had the app on her phone and it went through her contacts to ask me to install it. (like an advertisement) its freaking creepy.

    • Dann Albright
      July 25, 2016 at 8:03 pm

      Sounds to me like someone may have gotten a hold of your boss's phone. While WhatsApp might recommend sending an automated message to people in your contacts list to recommend they join, I'm sure it wouldn't say "lol."

  8. ritz
    July 20, 2016 at 6:20 am

    i have an issue. i deactivated my number and i am not using whatsapp, but one of my friend told me he was chating with me and uploading my pictures and my number is still online on whatsapp.. what should i do

    • Dann Albright
      July 25, 2016 at 8:01 pm

      That's strange; I'd get in touch with WhatsApp support and see what they say about it.

    • Rolfen
      August 18, 2016 at 11:48 am

      Maybe someone else got your number. I had this as well. My number went to a child. Some friends were still sending him messages and wondering why there was a 11 year old boy in my profile pic.

      • Dann Albright
        August 21, 2016 at 3:57 pm

        That's also a possibility; I still get calls on my current number for the person who used to have it.

  9. Jack
    June 13, 2016 at 12:36 pm

    I am concerned that someone may have hacked my watsapp. Is it possible that someone living thousands of miles away (has no access to my networks, wifi or phone) may be able to hack my watsapp in real time? Also, can a person intercept my skype calls or IMs even if they are not a contact of mine?

    • Dann Albright
      June 13, 2016 at 7:56 pm

      Anything's possible, though I doubt it would be easy to do that, especially with WhatsApp's end-to-end encryption. As for Skype or IM, if they had access to your account, they could probably see what you're saying. I suppose the same is true for WhatsApp. Your best bet is to change all of your passwords and terminate any sessions other than the one you're currently running, I'd say.

  10. anonymous
    May 19, 2016 at 5:36 pm

    Surely Whatsapp has security threat, most recent someone automatically deleted whatapp along with some other apps and it happened middle of the night and when i wake up in the morning i thought i accidentally deleted then i reintalled whatsapp again, and then i came to know that some messages sent to group from my phone, how is this possible? i contacted whatsapp and they saying the thirdparty applications that installed my phone might did that, so what they saying is that the third parties can hack into whatsapp, so where is the security?

    • Dann Albright
      May 25, 2016 at 12:54 pm

      Hm; that's a problem I haven't heard of before. Are you on an Android phone? And is it rooted? That could potentially cause problems with other apps having access to things that they shouldn't. While WhatsApp's communications are secure, I'm sure there are ways other apps can attack the app itself.

  11. Raffles
    May 7, 2016 at 7:21 pm

    My problem is that I can't get Telegram to work on my mobile phone which has a Ubuntu operating system. I haven't been able to find a fix for it. It seems that the problem has been reported on the developer website, but even after the last update, it won't work.

    • Dann Albright
      May 9, 2016 at 9:38 pm

      Ah, that would be a problem indeed. To be completely honest, I don't know the first thing about Ubuntu mobile, so I can't give you any advice. Hopefully someone else out there can recommend a fix or enough people request Ubuntu support that Telegram prioritizes it!

  12. Ivy
    April 29, 2016 at 2:41 pm

    This article is from last year but are these concerns still relevant today????

    • Dann Albright
      May 3, 2016 at 1:33 pm

      I believe they fixed the crashing problem, but web malware and bad links are definitely still a problem. I haven't heard anything about monitoring apps, but because of the end-to-end encryption that they recently turned on, I'd say it's relatively unlikely that they're as effective. I'll keep an eye out for information on any of these things and let you know if I hear anything!

  13. Vijai Jasrotia
    March 24, 2016 at 2:42 pm

    Another option is Avaamo. It is a secure enterprise messaging platform. Its client is free on Apple store or google store. If you want an enterprise management control there is a cost involved.

    • Dann Albright
      March 25, 2016 at 2:14 am

      Interesting . . . have you used it? What do you think of it?

  14. Jip
    November 20, 2015 at 6:11 pm

    I use Signal. Pretty secure.

    • Dann Albright
      November 23, 2015 at 1:50 pm

      I've never heard of Signal; is it like other messaging programs, like Telegram or Threema? And is it cross-platform?

  15. nmk71227
    June 3, 2015 at 6:14 pm

    WhatsApp: An app by buffoons for stalkers First, before I go on to the problems, let's see what good the app does. It allows one to call or send messages using internet connection. That was possible a decade ago using email accounts which is still available on any device on which WhatsApp runs. The difference? It doesn't need an email id and works with a phone number you have access to. Not bad. Pretty simple and straight forward, but is it handled properly by the app developers? NO. Here is why. It automatically uses your addressbook to add people you know, which in itself is no issue, but here is the big problem: it shows contacts using WhatsApp automatically, without any permission or anything like that. Only thing one needs to know if you are available on WhatsApp is your phone number. That can be bad in too many ways. 1. I have been using the same number for over 10 years, and a lot of people are sure to have my number on their contacts list even if it was a one-time affair a decade ago. They end up seeing me in their WhatsApp contacts, and I see them in turn, which is ridiculous unless I have a way to block it. No, I do not mean the 'Block' option... why do I have to block every single person I may have known once upon a time just to use a service I want to use to chat with friends??? Even the contacts I have hidden in my addressbook end up in my WhatsApp contacts, and disabling 'Show all contacts' in WhatsApp settings does nothing to get rid of them. Additionally, they end up in my addressbook as WhatsApp contacts even if I have them hidden in my original contacts. There is no way to hide WhatsApp contacts partially from cluttering your addressbook, and for some reason even if I disable WhatsApp contacts completely on addressbook, they still show up (could be a bug). A sample situation: all my classmates, teachers may have my contact number that I used in school, but I have contact with only a few currently, and have no intention of announcing to all of them that I have signed up for WhatsApp. Is that too much to ask for from a chat application??? I do not want to block anyone, I just do not want to advertise this either, simple. 2. It is a huge privacy leak if you consider the fact that WhatsApp defaults, unless (and then until) you change them, will show your details (profile pictures, status) to those unwanted contacts (an app for stalkers, in short). 3. What if you have a dual SIM phone with different numbers for personal and professional use? Forget that privacy if you want to use WhatsApp, they think 'differently'. What if you have only one SIM, but change devices often? You may get blocked. 4. There is no way to change WhatsApp contacts. I have this strange issue with couples with multiple contact numbers: one person is currently using the number for phone calls that the other had registered for WhatsApp initially. So if I change that in my addressbook according to call usage, WhatsApp will show the wrong contacts, and I have no way to edit this. 5. Similar situations can arise for young people without a phone number if they use their parents' (extra) phone number to register for WhatsApp. 6. Not directly related, but once I had changed my WhatsApp number to a new one, which is supposed to delete the old number, but I can still send messages to that number as it is there in my phonebook. This just shows how broken the app is. The fact that the WhatsApp developers took it for granted that one would invariably chat with all contacts in their contact book (plumber, electrician, etc) and that they need to clutter one's addressbook no matter whether one wants or not, is ridiculous. This is the reason I can't help thinking that the app must have been made by buffoons, sorry. And yes, for unsuspecting young girls, those utility guys can stalk you easily unless you are too careful about using this oversimplified app. Only if WhatsApp had an option to search your contacts and add people manually to WhatsApp, allowing you to choose who are in your contact and if they get to see that you are using WhatsApp until you add them personally. That is, I have 100 contacts in phonebook, I add 10 to WhatsApp, then either allow all of them to see me or manually add them to chat/call when I need to. The only problem to this step is, how do I know if the other person is using WhatsApp or not? Simple, I know if I know. That is, if that person shared that info with me. In short, no way for stalkers with your phone number to know you are there in WhatsApp, much the same way email accounts work, everyone has one, but you get it when it is shared with you. I know WhatsApp takes advantage of one's phone number to connect with others, but it still can have its own ways to filter people in the addressbook to add for chat. I know using a smartphone is not safe by any means, google itself will stalk you to death if you do. But even google shares with your acquaintances only as much info as you do. I have a dual SIM phone and I have taken a new SIM for WhatsApp and let only those know it whom I want to. So I have no issues with stalkers or privacy, mostly. But I get annoyed seeing the unwanted contacts in the app everyday, and also can easily see how a stalker can use the app to track when people go to vacation, where, when they fall in love, marry or break up, and what not. I am writing this up in an attempt to knock WhatsApp developers to their senses, and if not, warn some unsuspecting users of its strange ways by sharing this info wherever I can.

    • Archer
      December 16, 2015 at 9:23 pm

      1. they dont know your name unless they asked you directly... 2.how did they get your phone number? if they got it from the internet I doubt blaming watsapp for it is stupid...

      I think you are being paranoid....

      • Ant
        February 17, 2016 at 8:55 am

        2. You gave it to them 5 years ago before WA existed not suspecting that one day WA would share your info with them based on them having your number in their phonebook.... I mean, I give my number out to LOADS of people I wouldn't want to share anything with...

  16. Manoj Kumar
    April 7, 2015 at 3:40 am

    Is anybody here to solution how we secure what's app no. to unregistered . They don't sent message on your what's app with out block that number ...........

  17. Dashrender
    March 9, 2015 at 9:02 pm

    BBM is worthless now. Any data that flows through the Middle East servers is completely readable by the local authorities there. BB bowed to government pressure a few years ago and gave the keys to them instead of being tossed out.

    • Dann Albright
      March 12, 2015 at 7:49 am

      This is something I hadn't heard of . . . do you have any links to where I can read more about this?

  18. Frank Jones
    February 28, 2015 at 5:50 am

    If you want a real secure alternative , with lot more feature than Whatsapp an many other , Try BBM , it is available for all platform IOS Droids and windows phone ,,, and it Free ,....

    • Dann Albright
      March 2, 2015 at 5:58 pm

      You're certainly not alone in backing BBM—as far as I know, it's a really good option. To be honest, I haven't looked into it all that much. The only thing I imagine is a problem is adoption—if I tell someone that they should download Telegram so they can text me in the UK from the US, they'll just go and do it. But if I tell them to download BBM, it's possible that they'll think they won't be able to if they're not on a BlackBerry. Other than that small disadvantage, though, it's definitely a good way to go!

  19. Joan Aronowitz
    February 28, 2015 at 5:01 am

    what is bbm?

    • bharath
      February 28, 2015 at 3:05 pm

      Blackberry messenger

    • Dashrender
      March 9, 2015 at 9:04 pm

      What other apps control the local key only within the app on the single device and don't share it with a centralized server like all the rest do? Granted this makes it nearly, if not, impossible to move from device to device, but it also ensures your security and that you don't have any else tapping your messages.

    • Dann Albright
      March 12, 2015 at 7:49 am

      I believe TextSecure keeps the encryption key locally, and it definitely does all encryption and decryption locally. That seems to be a pretty solid app.

  20. Dashrender
    February 27, 2015 at 11:06 pm

    Threema, a truly secure messaging platform.

    • Dann Albright
      March 2, 2015 at 5:56 pm

      I reviewed Threema a while ago, and didn't find that it was better than the free options (or at least enough to warrant paying for it). I haven't looked at it in quite a while, though; maybe it's more worth the cost now. What do you like about it?

    • Andy
      March 12, 2015 at 8:10 am

      I use it everyday and I have more trust in Threema because their servers are in Switzerland and you can check the encryption progress. A friend from Germany told me that they even won a price for the best secure messaging app from a independent organization - I guess that’s why it’s such a big thing in Germany. Newly they have a poll function within chats and groupchats.

    • Dann Albright
      March 15, 2015 at 9:01 pm

      Interesting! I'll have to check it out. Are Swiss servers as highly reputed as Swiss banks?

    • muzhik
      May 25, 2015 at 2:13 am

      Threema FTW, also new messaging app Bleep p2p (BitTorrent) seems to be going in the right direction as far as secure txting goes.

    • Dann Albright
      May 25, 2015 at 10:28 am

      Threema is a great way to go. I'm not familiar with Bleep—sounds really interesting, though! Thanks for mentioning it.

  21. Anonymous
    February 26, 2015 at 9:12 pm

    Bbm is the best!

    • Dann Albright
      February 27, 2015 at 5:24 pm

      Matt Hughes, is that you? :-)

  22. jodi
    February 26, 2015 at 8:54 pm

    I use. Go. SMS pro. For messaging. Have you heard about.problem S's. With that? App

    • Dann Albright
      February 27, 2015 at 5:23 pm

      I'm not familiar with Go SMS Pro, and I haven't heard anything bad (or good) about it. How do you like it? How secure is it?

  23. Mota
    February 25, 2015 at 11:14 pm

    Telegram ftw!

    They added today a feature that allows users to lock the app with a code. Plus, i can use it on tablet and pc seamless. No need for webversion's crap.

    Good article.

    • Dann Albright
      February 26, 2015 at 7:37 am

      The code lock is a great idea! I'm more and more impressed with Telegram all the time. Definitely leading the way in the messaging game.

Leave a Reply

Your email address will not be published. Required fields are marked *