WhatsApp, which is to be acquired for $19 billion, says on its website that “communication between your phone and our server is fully encrypted.”
The company warns users need to be aware that when they send messages, the recipient’s device may not be secure. But it says it does not store any chat history and that messages are wiped off its system after delivery.
Yet security researchers and others point out that there may be vulnerabilities in the system used by some 450 million people globally.
Paul Jauregui at the security firm Praetorian said in a blog post Thursday that WhatsApp security and encryption are not ideal, citing vulnerabilities in the way it handles SSL, the secure socket layer protocol for communications.
The group’s mobile security test “picked up on several SSL-related security issues affecting the confidentiality of WhatsApp user data that passes in transit to back-end servers,” Jauregui said.
Read more at: Phys.org