WhatsApp, one of the most popular online calling apps, has been exposed by a group of researchers who identified how app’s internal protocol is storing call duration and personal information of the participants.
Though, WhatsApp has never claimed itself to be an anonymous calling service but this new research has unveiled new information on how the app’s communication systems have been powered.
According to the researchers at the University of New Haven, WhatsApp uses FunXMPP protocol (deviated version of XMPP) XMPP has been used by Google for one its communication services, the Gtalk.
The researchers also analyzed the exchanges of messages between the Android phone and WhatsApp server. What they found was that WhasApp has set up a complete system of gathering the data.
First they authenticated the users involved in the call and then a communication channel was setup using Opus codec at 8 or 16 KHz. After this, they established the call’s relay servers and endpoint IP addresses.
The scraping of data doesn’t end here; researchers were able to identify the app sending Metadata like phones number, timestamp, audio codec for the call and the call duration to its servers.
Ibrahim (Abe) Baggili, a researcher at the University of New Haven said:
“Our research demonstrates the type of data that can be gathered through the forensic study of WhatsApp and provides a path for others to conduct additional studies into the network forensics of messaging apps.”
The researchers, after the analysis, raised the alarm for what could be a potential privacy hack with many people around the world using the app. But, they haven’t yet analyzed the servers storing the data for any security loopholes. If there are any could be exposed by the hackers.
“We decrypted the WhatsApp client connection to the WhatsApp servers and visualized messages exchanged through such a connection using a command-line tool we created,” the authors wrote. “This tool may be useful for deeper analysis of the WhatsApp protocol.”
On February 19, 2014, Facebook announced it was acquiring WhatsApp for US$19 billion, its largest acquisition to date. Despite Facebook‘s reputation of collecting and sharing data with security agencies, millions of users are still using WhatsApp.
UNH