Your WhatsApp conversations may not be as safe as you think

By Adam Zeis on 9 Oct 2013 04:32 pm EDT

A post popped up yesterday from Thijs Alkemade, a computer science and mathematics student at Utrecht University in The Netherlands. The post outlines a bit of the core encryption methods of WhatsApp, highlighting a few of the technical aspects of the service and also noting some big vulnerabilities. 

If you can follow along with the original post, you can see that Thijs runs through two "mistakes" in WhatsApp's methods, both of which can be exploited by someone with the know-how. Ultimately he determines that your WhatsApp messages can be decrypted given enough effort by a would-be snoop.

You should assume that anyone who is able to eavesdrop on your WhatsApp connection is capable of decrypting your messages, given enough effort. You should consider all your previous WhatsApp conversations compromised. There is nothing a WhatsApp user can do about this except to stop using it until the developers can update it.

Of course this is something that could be (and will need to be) fixed by WhatsApp to patch things up, so they could very well be corrected soon. He also notes that the problems could be avoided if WhatsApp were to use something like TLS (Transport Layer Security), which is exactly what BBM uses for their services.

From Andrew Bocking, Head of BBM for BlackBerry:

I can’t really speak to all of the technical aspects of the WhatsApp system. However people can rest assured that BBM remains a trusted private social network. Where other services may be vulnerable to unwanted snooping or eavesdropping, BBM increasingly uses standard TLS deployment to remove that vulnerability from our service. TLS is a well-known, well-studied protocol. To put it in everyday context, this is the same technology used for internet banking.

Hearing things like this makes us wish cross-platform BBM would get here sooner. We know the demand is crazy high but we just need it to be released. Sadly we're over three weeks past the date it was originally supposed to launch, and while it's still on the way, we have no idea when we'll actually see it. Thankfully when it does show up you can rest assured it will be a solid, private messaging service that won't have such issues or vulnerabilities. Something to keep in mind, in light of recent attacks on WhatsApp.


Assuming BlackBerry gets off their asses and releases the damn thing to the public asap.

via CB10 (BB Z10 : BLK : OS 10.1) [ Channel @ C0012477B for BB News, MMA & Tech Updates ]

Yer I don't see a point in this article when none of the other platforms bloody have BBM for fook sake. They're taking too long...

What's so difficult anyway? There are a million cross platform IM clients out there.

 BBM Channel: TheGroupRide C00055B7C

Here's to getting cross platform bbm in 2015! Can't wait.

Last official bbm twitter update : Sept 30th. Good times.

Posted via CB10 on my Z10 Oreo

Lol. But it just wouldn't be the same if BlackBerry was on time with things now would it

Posted via CB10

BlackBerry should start branding longlasting condoms. You'll never come again.

Posted via CB10


I'm calling it, BBM cross platform would be released at November, as soon as BlackBerry sale is finalised.

Posted via CB10

I never trusted Whatsapp with anything confidential (never sent any credit card info or other sensitive details). Always told my contacts I will email them and suggested they do the same. BBM on the other hand I have felt very secure in relaying all kinds of information.

You trust email with confidential things? Do you understand how email works, and how it's even less secure?

I always said that and that's why I left whatsapp when I upgraded my 9900 to BlackBerry 10

But it seems people don't care about privacy any more.

Given this as a fact it would be interesting how you can sue someone for stealing your data.
At least here in Germany this would be interesting because if you leave your car open for example and it gets stolen you are in serious trouble because you invited him to steal it....

Posted via CB10

Wow. Really? Sounds pretty stupid. So you get in trouble because somebody stole your car--what is the world coming to?

Posted via CB10

In the States you can actually be written a citation for having your car stolen.
ONLY, if the keys were in the ignition. It was $75 fine years ago so I'm sure it's gone up by now.
Some study showed how auto thefts went up each winter because people would come out in the morning and warm their cars and go back inside and leave the vehicle running.

It's against the road security code to leave a vehicle unaccompanied with unlocked doors in Canada. Most people here don't know it until they see the ticket on their windshield. The problem is that if a 10 yo gets in your car and takes out the brake, the car moves and hurts someone. Or you left your keys in, the kid takes the car and kills himself + possibly others.

Posted via CB10

That's funny but very deserved. Lock your damn doors, too easy!!! LMAO!!! All throughout life HUMANS are taught to protect themselves, it won't sink in until its too late.

I like the way he compares the tech behind BBM as being the same layer used in Internet banking.

Nice :)

Posted via CB10

Technically it is. Online banking and FTP programs use this type of security.

Posted from the most powerful smartphone,z10

This is still news to some??? Just Google "Whatsapp security" and read till your eyes bleed. No one should consider Whatsapp to be secure

Yes it would be terrific if I could have encrypted communication like BBM with iPhone android users but alas it hasn't launched yet. #botch

Posted via CB10

I had forgotten 'bout cross platform BBM. Assumed it was like BB10 on the playbook...

Posted via CB10

I never thought they were safe. Assumed they were public domain.

Fired from my Z10

Did Anyone think that WhatsApp was Safe?????? No even fair to compare it to BBM. BBM is comparable to iMessage...that's about it.

Regardless, whats app is winning and is used multi platform. They got their s@?!$ together years ago.

Posted via CB10

Unfortunately the general public is pretty clueless. If something is cheap and easy to use, forget the downsides.

Posted via CB10

How many different emotions does a person need to express?
That's all a person needs--not even.

Posted via CB10

Won't really matter since BBM completely botched their release several times over already and still isn't out...

Exactly!! Cross platform security with reference to bbm is a non argument because cross platform bbm doesn't exist.
We're comparing a functional product to a non functional product.

Posted via CB10 on my Z10 Oreo

I couldn't agree more. When BBM gets released for my Android device then we'll talk. I hate WhatsApp for other reasons than security, even though it's a big part. Privacy is the biggest issue for me. All that last seen garbage is a pain in my butt. I hate it. I use LINE but I can't wait til BBM gets released for the Android os.

When he says "BBM increasingly uses standard TLS deployment", that could mean just about anything. The vast majority of data transfer could still not be using it, as long as the tiny piece that does is getting a little bigger.

Don't say anything yet BlackBerry

Don't release BBM cross platform until it is 100% ready and been tested to death.

Posted via CB10

Exactly. Wait till KIK and whatsapp have so many users that nobody will desire to change to bbm. :s

Posted via CB10 on my Z10 Oreo

This is one more reason why I'm waiting for BBM. I don't care how many users that app has I will NEVER go with that app.

My only recommendation is not to send passwords, account numbers, credit card numbers and other sensible data by this means of communication, that will be the only data that may get you harmed and the one that maybe someone would be trying to get.

BlackBerry's reputation is already in the toilet.

Making promises that they can't keep is their USP .

I'm sure that goes down well with consumers.

It's time for some cool heads and a proper execution programme complete with deadlines.

Posted via CB10

Who cares whether whatsapp is secure or not? If anyone on CrackBerry has top secret conversations then I'm sure they know better than to use whatsapp. For everyone else whatsapp is more than enough. Who cares whether BBM has online banking level security? They can't even bloody get it cross platform which every other IM client had been able to do like Whatsapp, Viber, Line, WeChat, and whoever else. Everyone pontificating about whatsapp's security or lack of it are just asses. If u already use Facebook on ur phone whoever needs to know ur business knows it. So if anyone thinks it's a great deal for BBM to have top of the line app security it's just bullshit and doesn't mean anything to anyone other than dumb ass fanboys. I am so sorry that it has come to this but it's exactly this attitude that has brought blackberry the company and the brand to this state of affairs. When competitors are able to achieve simple things the focus should be on understanding if those successes can be replicated instead of deriding them for it. If we still are hung up about whatsapp's security I think we are missing the whole point. This is an entreaty to CrackBerry nation and those who write articles. There are enough things to cover to cater to the faithful and make this a winning forum than write deriding things about the competition. The ones who do that are just sore losers and nothing more. Maybe we should think about that.

Posted via CB10 from BB Z10 (My stable: 8310, 8520, 9900, Z10)

I have said what I had to say. It's up to u to decide whether I'm right or wrong.

Posted via CB10 from BB Z10 (My stable: 8310, 8520, 9900, Z10)

Define pontificate. Oh wait, you just did.

You do realize this is a forum for BlackBerry users, right? People are expected to express their views, regardless of their ridiculously flawed thought process or the ridiculous number of inaccuracies. You just exercised your privilege to the same - why would you complain?

I've said what I had to say. It's up to u to decide whether what I've said is right or wrong.

Posted via CB10 from BB Z10 (My stable: 8310, 8520, 9900, Z10)

Wow you must be forced to use a blackberry at work and are upset by it. Work realizes security is of vital importance and that's where blackberry rules. The conversation you may have about boys or girls however you flow it should be safe, you seem like the type that could hate having a camera on you all the time but don't think about your phone security. If it's got it it's a plus, if no security, why use it. Common sense to me, whether I am branded a fan boy or not.

Posted via CB10


I love BBM. The purpose of the argument was not to portray it in lesser light but to define its standing as an IM client. The moment we decide to focus on the shortcomings of Whatsapp, we've lost the battle because we're going on the defensive. That's the point I've been trying to make. BBM is superior to Whatsapp on the security front but that doesn't matter because most people don't care about it. That's why our argument should not revolve solely around the theme of security because save for a few corporations and maybe some individuals like u & I, the vast majority don't care about security. This is why facebook is a rip roaring success and why Edward Snowden is the villain in a battle revolving around civil liberties. In this back drop if our only argument is BBM is secure, then no one will care because everyone already knows that. It's what more BBM can do that will be the key to its adoption. If our script revolves around whatsapp, then we first need to prove that we are as good as them, bring cross platform then we become equal to most IM clients. Until then this security hullabaloo is just white noise and preaching to the choir.

U all know it and ur reactions just prove it.

Posted via CB10 from BB Z10 (My stable: 8310, 8520, 9900, Z10)

We are told by a group of users on the CrackBerry forums users don't care about security. Or, non BlackBerry systems are secure enough. Or, if you're not doing anything wrong you need not worry about the state eavesdropping on your private conversations.

Posted via CB10


Two comments.

1) About the past WhatsApp hacking. The hack was done above the website, and not the WhatsApp servers that contain data. When I say above, it means that the website was doing fine, but no one could view it, instead the URL was redirecting to another website. It was not defacing (where the files on the web server are edited).
Basically the WhatsApp guys forgot to renew their domain name.

2) About the hack exposed by Thijs Alkemade. It does not need to have any direct access to your device. It simply requires to be able to sniff what you are doing. This is especially true if you use a Wi-Fi HotSpot. The hacker simply needs to be connected to the same Wi-Fi HotSpot (or be the HotSpot owner).

3 weeks and no BBM. Yes BlackBerry it was the leak Android that causes the Problem. Now i hate u soo much, sh*t on you, I use Skype now.

Posted via BlackBerry Z810

Nobody cares. Until Apple comes out with updates to iMessage that ensures encryption in a manner that can be marketed people won't care. Sorry, if Samsung comes up with some they can also get people to tout it, but it'll take longer and probably cost more marketing $$.

Hey BlackBerry NOW would be a good time for cross platform BBM launch. Hurry up what's the hold up?!

CB10 - Z10 -

Bbm is losing steam everyday and what I see on twitter the most is that there is no response from @bbm which makes BlackBerry look terrible and is p*ssing people off.

I think that this private deal is intentionally botching bbm.

Why isn't it on ios? It takes this long to tweak it for ios7?

So sad :(

Posted via CB10

BlackBerry are in a weird state atm so it's normal for them to go off schedule. Replying to twitter comments is their own decisions but I do agree that it does make them look bad. I hope they get their reputation back because I don't want to be rocking an android phone, that's for sure!

Posted via CB10

Eventually consumers will realise how important security is, after all nowadays they do their banking on their devices and hold basically their whole life on their phone. Once a few have been hacked or cloned then they'll start thinking about it. I remember years ago most people using a pc had no firewall, anti virus etc. - people know better now. They will learn one day!

Posted via CB10

There you go folks, another reason why you should message your mistress on BBM. Haha. Just kidding. I don't condone cheating. But if you are and need to chat, use BBM. It's more secure than most marriages.

Posted via CB10

WhatsApp sucks, but if bbm is not in cross platform format, it really makes no difference. We need bbm 4 all ASAP.

Posted via CB10

I had decided not to use Whatsapp when I had my 9930 because I couldn't separate my business and personal life communications and I believe my contact info/number would be shared in the network with people I didn't know, although I can't remember how.

Via CB10 & Z10 or Q10

It's a messenger, how secure do you need your conversations with friends to really be. If you're concerned with security you should likely opt out of a free app.

Posted via CB10

It is the right time for news like this to appear ...
...and this is just the beginning...

...forever BlackBerry...

Lol yeah, couldn't be a better moment than now for BBM to release..well other than the actual release date, three weeks ago.

Posted via that z10!

Blah, blah, blah. Whatsapp is out and it works. BBM? Nowhere to be seen except on Blackberry. I love my BlackBerry, but these articles seem like they are the consolation prize. Stop trying to disparage whatsapp everyday and get the clearly superior (ahem) BBM out already for cross-platform use. Otherwise this all sounds like sour grapes.


All these articles spreading FUD...Sour grapes. As it stands, Whatsapp is infinitely more useful than BBM right now on Android and iOS. Bring BBM4ALL out and then we'll talk

I had suspicions of what's app a few months back so deleted it... thank my lucky socks I did that... I don't think bbm will be coming out any sooner as planned... more like in 2015 or so... too slow off the mark getting it x platform... I've given up telling my friends now... a proper let down by bbry...

Sent by Bbry Zed10

I didn't know what'sApp even had any kind of security. I thought all messages were sent in the clear.

Posted via CB10

Who cares. WhatsApp works cross platform and is seamless to your contact list. BBM is blackberry only and requires an email address.

Posted via CB10

At least Whatsapp is 4all... I don't have any friends that have BlackBerry so bbm sucks for me. Useless app.

Posted via CB10

In the meantime, folks can always enjoy the pinnacle of what is BBM by upgrading from whatever they're using to a BlackBerry 10 smartphone.

Posted via CB10

WhatsApp may not be secured as BBM... but it is still BETTER than NOTHING... the only thing that users must do is NEVER send any confidential information...

Posted via Z10

Wasn't there a post or report or something where BBM was considered "scrambled" as opposed to "secure"? Or was that simply pin to pin messaging? I recall them referencing CSIS report where they refer to a BlackBerry whitepaper and the whitepaper even used the word "scrambled".

Cross Platform BBM would be the final nail in the coffin for this terrible run company. People in third world countries are sticking around for BBM. They can't wait to have BBM on their cheap Droid.

BlackBerry is going to be chopped up and sold in pieces. My S4 is so much better than your Z10.

So what does whatsapp have to do to get the same security, what is it that's stopping them? Do they have to start up their own network of servers or something? Idk

Posted via CB10

Just to echo others. It may be one thing to be late delivering cross platform bbm, it is entirely another to give some lame excuse and then disappear for three weeks with little or no communication. BlackBerry's communication style is really a huge problem. The company is so distant from its consumers that this alone turns them away.

Posted via CB10

Stop talking/comparing coz BBM4ALL hasn't been able to release the damn thing to public.

Posted via CB10

Not exactly surprising, the people or the person behind whatsapp has been known to be incompetent with regards to data security from the start....

This is what, the third or fourth time a major issue with that "service" is published?

Posted via CB10

If they hacked into my Whatsapp account they would have endless messages detailing what time I'm leaving work and my wife asking me to pick up some milk on the way home.
We happily send vital documents (bank cards, transaction statements, solicitors letters, contracts etc etc) through the post in an envelope sealed with a spot of melted cows hoof and feel that is perfectly secure. Yet when we send a message asking our mates "what time u out?" we want CIA levels of encryption.

Anyway, I like Whatsapp, it does everything I need it to do, plays nicely with my contact list and, unlike bbm, is actually available to use across all platforms (even blackberry)

If you're using an instant messaging app for confidential conversations and think they're 100% secure, you're crazy.

WhatsApp is fine...

Posted via CB10

Meh, who cares. I'll keep using Whatsapp until BlackBerry can get off their incompetent asses and release BBM. Whatsapp isn't anywhere near as desirable to me as Whatsapp, but I'll use what i can get right now.

Seriously, what's the big deal about this? What are you guys hiding? How big is your company's secret deal? Why are u doing multimillions business in whatsapps! Come on..

Posted via CB10 with BlackBerry Q10

From what I keep hearing most Android & IOS users are not Arsed about who snooping on them.

Maybe they will when a Policeman or something like that, knocks on the Door, because people have been committing crime in their Name.....

Posted via CB10

I agree that most people don't care about security. But it still comes down to, WhatsApp did not tell users that their conversations can be compromised. It would be interesting to find out what other dirty little secrets WhatsApp is hiding! As far as correcting the security problem, well if it so easy everyone including Samsung would have done it, even Imessage don't you think! Don't you think every Messaging app would want to be secure just like BBM, of course they would. But they can't or they would have done it!

I've been saying this from day one, no other messaging platform is more secure than BBM.

