Following the information we already commented in the article WhatsApp is unsafe. Truth or myth?, and taking into account the comments you made, we want to share with you a new entry.

WhatApp has always been reluctant to release a public API and encourage developers to create applications based on its platform. This has led some people, by means of reverse-engineer, to get to know how WhatsApp works internally.

Thanks to the reverse engineer work, an alternative known as WhatsAPI was published  to use WhatsApp from programming languages like PHP and Python, thus opening the door to web applications.

If we add this information to the formerly mentioned weakness of the encryption key, we face the troubling situation that it is even easier now, if anything, to impersonate someone in WhatApp: we only need to know the IMEI of the phone (in the Android devices), or the MAC of the network card (for IOS devices). There are already websites which offer to non-technical users the ability to impersonate a user in WhatApp: you only need to know the MAC or IMEI of the phone you want to impersonate.

  • To know the IMEI of a phone you need to have physical access to it but if we do, in a few seconds and entering a key combination (* # 06 # to Android devices), the IMEI will be displayed.
  • On the other hand, to know the MAC of an IOS device, you only need to capture the traffic while being connected to the same network of the phone to replace, for example, a public Wi-Fi network.

Let us reformulate our safety recommendations, then:

  • Never lose sight of your phone, or leave it accessible to strangers.
  • Avoid using this application when connected to public Wi-Fi networks (airports, coffee shops, etc.). You never know who may be listening.
  • Apply basic security measures to your own Wi-Fi network. This way, you will prevent other users from connecting to it without your consent.

    : check your router user guide for more information to know how to implement the following recommendations, as they may vary depending on the manufacturer:

    • Change the default password that gives access to your router or Wi-FI access point
    • Increase the security of transmitted data, enabling WPA/WPA2 encryption
    • Enable MAC address filtering