WhatsApp Messenger is a proprietary cross-platform instant messaging client for smartphones that operates under a subscription business model. It uses the Internet to send text messages, images, video, user location and audio media messages to other users using standard cellular mobile numbers.
As of January 2016, WhatsApp had a user base of up to 990 million, making it the most globally popular messaging application.
WhatsApp Inc., based in Mountain View, California, was acquired by Facebook Inc. on February 19, 2014, for approximately US$19.3 billion
Platform support
After months at beta stage, the application eventually launched in November 2009 exclusively on the App Store for the iPhone. In January 2010, support for BlackBerry smartphones was added, and subsequently for Symbian OS in May 2010 and for Android OS in August 2010. In August 2011 a beta for Nokia's non-smartphone OS Series 40 was added. A month later support for Windows Phone was added, followed by BlackBerry 10 in March 2013. In April 2015, support for Samsung's Tizen OS was added. An unofficial port has been released for the MeeGo-based Nokia N9 called Wazzap, as well as a port for the Maemo-based Nokia N900 called Yappari.The oldest device capable of running WhatsApp is the Symbian-based Nokia N95 released in March 2007.
In August 2014, WhatsApp released an update to its Android app, adding support for Android Wear smartwatches.
In 2014 an unofficial open source plug-in called whatsapp-purple was released for Pidgin, implementing its XMPP protocol and making it possible to use WhatsApp on a Windows or Linux PC
On January 21, 2015, WhatsApp launched WhatsApp Web, a web client which can be used through a web browser by syncing with the mobile device's connection.
WhatsApp Web
WhatsApp was officially made available for PCs through a web client, under the name WhatsApp Web, in late January 2015 through an announcement made by Koum on his Facebook page: "Our web client is simply an extension of your phone: the web browser mirrors conversations and messages from your mobile device—this means all of your messages still live on your phone". The WhatsApp user's handset must still be connected to the Internet for the browser application to function. All major desktop browsers are supported except for Microsoft Internet Explorer. WhatsApp Web's user interface is based on the default Android one.As of January 21, 2015, the desktop version was only available to Android, BlackBerry and Windows Phone users. Later on, it also added support for iOS, Nokia Series 40, and Nokia S60 (Symbian).
An unofficial derivative called WhatsAppTime has been developed, which is a standard Win32 application for PCs and supports notifications through the Windows notification area.
Security
In May 2011, a security hole was reported which left WhatsApp user accounts open for session hijacking and packet analysis. WhatsApp communications were not encrypted, and data was sent and received in plaintext, meaning messages could easily be read if packet traces were available.In September 2011, WhatsApp released a new version of the Messenger application for iPhones, closing critical security holes which had allowed forged messages to be sent and messages from any WhatsApp user to be read.
On January 6, 2012, an unknown hacker published a website that made it possible to change the status of an arbitrary WhatsApp user, as long as the phone number was known. To make it work, it only required a restart of the app. According to the hacker, it is only one of the many security problems in WhatsApp. On January 9, WhatsApp reported that it had resolved the problem, although the only measure actually taken was to block the website's IP address. As a reaction, a Windows tool was made available for download providing the same functionality. This problem has since been resolved in the form of an IP address check on currently logged-in sessions.
On January 13, 2012, WhatsApp was removed from the iOS App Store, and the reason was not disclosed; however, the app was added back to the App Store four days later. WhatsApp was removed from Windows Phone store because of some technical problems, the app was added back to the Store on May 30, 2014.[67]
In May 2012, security researchers noticed that new updates of WhatsApp no longer sent messages as plaintext,but the cryptographic method implemented was subsequently described as "broken". As of August 15, 2012, the WhatsApp support staff claim messages are encrypted in the "latest version" of the WhatsApp software for iOS and Android (but not BlackBerry, Windows Phone, and Symbian), without specifying the implemented cryptographic method.
German Tech site The H demonstrated how to use WhatsAPI to hijack any WhatsApp account on September 14, 2012. Shortly after, a legal threat to WhatsAPI's developers was alleged, characterized by The H as "an apparent reaction" to security reports, and WhatsAPI's source code was taken down for some days.The WhatsAPI team has since returned to active development.
On November 18, 2014, Open Whisper Systems announced a partnership with WhatsApp to provide end-to-end encryption by incorporating the encryption protocol used in their TextSecure application into each WhatsApp client platform. Open Whisper Systems asserted that they have already incorporated the protocol into the latest WhatsApp client for Android and that support for other clients, group/media messages, and verification would be coming soon. WhatsApp confirmed the partnership to reporters, but there was no announcement or documentation about the encryption feature on the official website, and further requests for comment were declined.
On December 1, 2014, Indrajeet Bhuyan and Saurav Kar, both 17-year old teenagers, demonstrated the WhatsApp Message Handler Vulnerability, which allows anyone to remotely crash WhatsApp just by sending a specially crafted message of 2kb in size. To escape the problem, the user who receives the specially crafted message has to delete his/her whole conversation and start a fresh chat, because opening the message keeps on crashing WhatsApp unless the chat is deleted completely.
On January 21, 2015, WhatsApp launched a web client which can be used from the browser. It had two security issues that compromised user privacy: the WhatsApp Photo Privacy Bug and the WhatsApp Web Photo Sync Bug.
On April 30, 2015, Heise Security published a report on WhatsApp's implementation of the TextSecure encryption protocol. They confirmed that the protocol has been implemented for Android-to-Android messages and that WhatsApp messages from or to iPhones running iOS are still not end-to-end encrypted. They expressed concern over the fact that regular WhatsApp users still can not tell the difference between end-to-end encrypted messages and regular messages.
As of December 1, 2015, WhatsApp has a score of 2 out of 7 points on the Electronic Frontier Foundation's secure messaging scorecard. It has received points for having communications encrypted in transit and having completed an independent security audit. It is missing points because communications are not encrypted with a key the provider doesn't have access to, users can't verify contacts' identities, past messages are not secure if the encryption keys are stolen, the code is not open to independent review, and the security design is not properly documented.
0 comments:
Post a Comment