
Fans and users of VoIP, push-to-talk, and messaging apps, and of virtually any other system connected to the internet, are no strangers to hacks and security flaws. In fact, just recently Tango’s website was compromised and Viber support was defaced, both by the Syrian Electronic Army.

Now, according to German security company Curesec via TechWeekEurope, it appears as though a security flaw in WhatsApp Messenger could potentially cause problems for users of the app, particularly where PayPal and Google Wallet users are concerned.

When making a payment to gain a WhatsApp licence, the connection between the WhatsApp server and payment services, including Google Wallet and PayPal, is protected by Secure Sockets Layer (SSL) encryption, but the connection between the app’s browser, which launches when payments are made, and the WhatsApp server is not protected at all.

“This means an attacker could intercept the first request via a suitable man-in-the-middle attack and successfully redirect the user to any webpage when the user is trying to buy Whatsapp credit,” said the two-year-old German security company Curesec. “To gain user accounts the attacker could set up a fake Google Wallet or Paypal systems page to harvest user accounts.”

Of course, the chances of this security flaw being exploited are very small. Still, it would be most beneficial to WhatsApp and its users to rectify the issue now, before it becomes an even bigger issue, much like the Priyanka contact worm that affected the app recently.
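The following Python example is added here for illustration and is not code from Curesec or WhatsApp. It audits a recorded redirect chain for the weakness described above, where a plaintext first request lets an on-path party choose where the user lands. The host names, URLs and function names are constructed placeholders.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
# Hypothetical hosts standing in for the real payment providers.
TRUSTED_PAYMENT_HOSTS = {"wallet.example.test", "paypal.example.test"}

def resolve_chain(start_url, hops):
    """Turn recorded (status, Location) pairs into the list of URLs requested."""
    chain = [start_url]
    for status, location in hops:
        if status not in REDIRECT_CODES or not location:
            break
        # Location may be relative; resolve it against the current URL.
        chain.append(urljoin(chain[-1], location))
    return chain

def audit_chain(start_url, hops, trusted_hosts=TRUSTED_PAYMENT_HOSTS):
    """Return (final_url, findings) for one recorded payment flow."""
    chain = resolve_chain(start_url, hops)
    findings = []
    for index, url in enumerate(chain):
        if urlsplit(url).scheme != "https":
            # The response to a plaintext request, including its Location
            # header, can be rewritten by anyone on the network path.
            findings.append(f"hop {index}: plaintext request to {url}")
    final_host = urlsplit(chain[-1]).hostname
    if final_host not in trusted_hosts:
        findings.append(f"final host {final_host} is not an expected payment host")
    return chain[-1], findings

# Constructed sample flows (not captured traffic).
START_HTTP = "http://billing.messenger.example.test/buy?plan=1y"
START_HTTPS = "https://billing.messenger.example.test/buy?plan=1y"
FLOWS = {
    # Flow as described in the article: first hop unprotected.
    "reported": (START_HTTP, [(302, "https://wallet.example.test/checkout"), (200, None)]),
    # Same flow after the first response was rewritten in transit.
    "rewritten": (START_HTTP, [(302, "https://wallet.lookalike.test/checkout"), (200, None)]),
    # Corrected flow: HTTPS from the first request, relative redirect included.
    "corrected": (START_HTTPS, [(302, "/pay/start"),
                                (302, "https://wallet.example.test/checkout"), (200, None)]),
}

if __name__ == "__main__":
    for name, (start, hops) in FLOWS.items():
        final_url, findings = audit_chain(start, hops)
        print(name, "->", final_url, findings or "OK")
```

The "reported" flow still ends at the expected host, which is why the plaintext first hop has to be flagged on its own: the destination alone does not show that the path to it could have been altered.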


By Josh Robert Nay

Josh Robert Nay is the founder and Editor-in-Chief of TruTower. He has worked in the telecommunications industry since 2003 and specializes in GSM based technology. He also uses (too many) VoIP apps and is a long-time user of BlackBerry, Android, and Windows Phone. He adores anything having to do with space exploration and writing. In addition to the links below, he can be found on LinkedIn and can also be found on his website at http://www.joshrobertnay.com.