Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

WhatsApp to roll out stronger fixes for messaging vulnerability

The problem lets someone change the status message of another person merely by knowing their phone number

WhatsApp has patched a security flaw in its WhatsApp Messenger mobile app after someone set up a website allowing anyone to change a user's status update.

Jan Koum [cq], senior tweet manager for WhatsApp, acknowledged there was a problem but did not say what was causing it. WhatsApp has deployed a patch and will roll out stronger fixes in the next day, he said.

WhatsApp Messenger users can address messages to one another using their phone numbers. The app sends the messages over Wi-Fi or a mobile data connection rather than SMS, potentially saving on text messaging fees. Versions are available for iPhone, BlackBerry, Android and Nokia Series 60 devices, according to WhatsApp's website.

In apparent frustration with WhatsApp, someone created a website at whatsappstatus.net highlighting the vulnerability, and allowing anyone to enter the phone number of a WhatsApp Messenger user and update that user's status message. Who set up the website is a mystery, as the domain name registration information is private.

"The engineers of WhatsApp are telling their customers that they will fix it as soon as possible while it's been a long time now," the site said. "So on this website we will show you one of the major leaks of WhatsApp."

Back in May, WhatsApp Messenger's developers were rapped for failing to encrypt traffic sent over open Wi-Fi connections, Dutch website Webwereld reported.

Send news tips and comments to jeremy_kirk@idg.com

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: BlackBerry, Messenger, Nokia
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: mobile, mobile applications, security, WhatsApp
Latest Blog Posts
Whitepapers
  • Becoming a Social Business
    As global business accelerates ever faster and companies work to quickly respond to customer demands, competitive threats and rapidly evolving trends, the richness and efficiency of social collaboration plays a key role in enabling future success. The challenge then is finding the best approach. Read on.
    Learn more »
  • Case Study: Svenska Kraftnät safeguards web and ensures communication security with Clearswift
    Energy producers from surrounding countries load power onto the Swedish National Grid’s network, with energy suppliers then paying the Swedish National Grid to load onto their grids for them to sell-on to customers. Using Clearswift’s Email Appliance, and MIMEsweeper for SMTP means that the organisation has safe and resilient email helping them to meet their goal of providing a safe, robust, cost-effective and environmentally sound energy transmission system.
    Learn more »
  • Rapid achievement of employee productivity gains in a modern workforce
    The last few years have seen explosive innovation in the ways that users interact with software applications, resulting in a huge surge in the adoption of tablet, smartphone, and web based social applications. Fortunately there are some simple incremental steps that any organisation can take to transition to a more people centric communications system, while lifting employee productivity. Read more.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.