New research from a group of scientist have revealed that popular messaging service, WhatsApp can be a target for data harvesters. Through it’s new calling feature,data such as phone numbers and phone call duration can be collected from the app’s network. This highlights areas for future research and study.
In an article titled, “WhatsApp Network Forensics: Decrypting and Understanding WhatsApp Call Signaling Messages,” co-authored by F. Karpisek of Brno University of Technology in the Czech Republic, Ibrahim (Abe) Baggili and Frank Breitinger, co-directors of the Cyber Forensics Research & Education Group at the University of New Haven. These were the observations:
Our research demonstrates the type of data that can be gathered through the forensic study of WhatsApp and provides a path for others to conduct additional studies into the network forensics of messaging apps
“We decrypted the WhatsApp client connection to the WhatsApp servers and visualized messages exchanged through such a connection using a command-line tool we created,”
“This tool may be useful for deeper analysis of the WhatsApp protocol.”
According to the researchers at the University of New Haven, WhatsApp uses FunXMPP protocol (deviated version of XMPP) XMPP has been used by Google for one its communication services, the Gtalk.
The researchers were able to acquire a variety of artifacts from network traffic, including WhatsApp phone numbers, WhatsApp phone call establishment metadata and date-time stamps, and WhatsApp phone call duration metadata and date-time stamps. They also were able to acquire WhatsApp’s phone call voice codec (Opus) and WhatsApp’s relay server IP addresses used during the calls.
Does this means WhatsApp can get hacked into? Should this go into the wrong hands, we can’t imagine what may happen. Your thoughts.