Account theft still possible with latest WhatsApp

Recent changes to WhatsApp, which appears to have captured a position as the popular app-based alternative to texting, have not actually secured the system, at least for Android users. In a test by The H's associates at heise Security, it was found to still be possible to take over an account unnoticed and send and receive WhatsApp messages on behalf of that user.

Just over two months ago, WhatsApp stopped transmitting users' messages in plain text. This meant that tools such as WhatsApp Sniffer no longer worked. But within weeks it became apparent that WhatsApp's new approach was hardly any protection as the application used the device's IMEI serial number on Android and the Mac address of the Wi-Fi interface on iOS to generate passwords. As these are easily obtained items of information, the WhatsAPI PHP library was quickly adapted to make use of this information and take over an account.