
“Given the nature of the WhatsApp use model, with backup enabled by default, you could argue that the hack is a key to a treasure house of information … I personally doubt it,” Charles King, principal analyst at Pund-IT, told LinuxInsider.
That key no longer works with the encrypted database, according to TiFlo Software, which claims its statistical app cracks the encryption.
Keeping Chats Safe
Bosschert obtained the database’s AES key by using the WhatsApp Xtract tool published in the XDA Developers’ Forum. Although it appears WhatsApp encrypted the msgstore.db database using the .crypt utility, it’s still possible to read chats from the encrypted database by creating a simple Python script, which converts it to a plain SQLite 3 database. OpenSSL apparently also could be used to hack the database.
The hack is possible because the WhatsApp database used to be written in SQLite3. His application displayed a simple loading screen during that process so users wouldn’t notice their WhatsApp database was being pilfered. The process seems straightforward - Bosschert created a PHP script to store the database on a Web server, created an Eclipse project with some additional lines in the AndroidManifest.xml file, and grabbed the msgstore.db and wa.db WhatsApp files, which are unencrypted.
The flaw works if the database backup capability is enabled, which it apparently is by default, commenters on Bosschert’s blog post said.
Although WhatsApp had encrypted its database in February, that encryption is available only in new installations, and updates still use the old, unencrypted version, Bosschert remarked.
Facebook and WhatsApp did not respond to our request to comment for this story.
“I didn’t find anything new - I only showed how people could abuse this flaw with a working proof of concept.” “They selected for usability in their design, not security,” he continued.
“This is not a bug, but a design decision of WhatsApp,” Bas Bosschert, chief technology officer of Double Think, told LinuxInsider.
An Android developer’s disclosure that it’s possible to hack into the WhatsApp database and read the text of the chats from another application could be a big headache for Facebook, which has agreed to purchase the app for US$19 billion.
