WhatsApp has patched a security flaw in its WhatsApp Messenger mobile app after someone set up a website allowing anyone to change a user’s status update.
Jan Koum [cq], senior tweet manager for WhatsApp, acknowledged there was a problem but did not say what was causing it. WhatsApp has deployed a patch and will roll out stronger fixes in the next day, he said.
WhatsApp Messenger users can address messages to one another using their phone numbers. The app sends the messages over Wi-Fi or a mobile data connection rather than SMS, potentially saving on text messaging fees. Versions are available for iPhone, BlackBerry, Android and Nokia Series 60 devices, according to WhatsApp’s website.
In apparent frustration with WhatsApp, someone created a website at whatsappstatus.net highlighting the vulnerability, and allowing anyone to enter the phone number of a WhatsApp Messenger user and update that user’s status message. Who set up the website is a mystery, as the domain name registration information is private.
“The engineers of WhatsApp are telling their customers that they will fix it as soon as possible while it’s been a long time now,” the site said. “So on this website we will show you one of the major leaks of WhatsApp.”
Back in May, WhatsApp Messenger’s developers were rapped for failing to encrypt traffic sent over open Wi-Fi connections, Dutch website Webwereld reported.
Send news tips and comments to jeremy_kirk@idg.com