If you thought the strong end-to-end encryption that WhatsApp uses to safeguard the conversations of more than 900 million people who use the app prevents any access to your personal information, sorry to inform you that you are wrong!
The latest WhatsApp calling feature is where all the trouble begins. This feature collects personal user information such as phone numbers as well as call duration without the knowledge of the user, which renders the usage of this feature unsafe.
This information was made public by the Cyber Forensics Research and Education Group from the University of New Haven. After carrying out a forensic examination of this popular messaging app, the researchers found that it is possible for data to be collected from the app’s new calling feature. This report can be found in the scholarly Journal of Digital Investigation.
The researchers’ findings
In a statement by Ibrahim Baggili, who is a co-director of this research group said that this research is meant to demonstrate the fact that data can be collected from WhatsApp. Also, Baggili notes that this research’s findings are very crucial to future studies regarding network forensics of instant messengers. The researchers further revealed that it is not an easy thing to decrypt the network traffic since you will need access to both data on the device and full network traffic.
The paper also comes with an outline of the app’s messaging protocol but from a networking point of view, something that makes it possible for other researchers to come in to explore and study the network communications of this Facebook-owned messaging application.
In a bid to get better insights into these messaging protocols, the researchers thoroughly analyzed the signaling messages that are exchanged in the process of making a WhatsApp voice call on an Android device. The findings from this analysis were mouth-watering as the group was able to closely look at the entire authentication process for WhatsApp clients, find out the codec that is used for WhatsApp voice media streaming, get a picture of the relay selection mechanism and how the relay servers is announced, as well as understand how these clients announce their destinations’ addresses with respect to media streams.
The team of researchers finally came out with interesting information about WhatsApp’s network traffic, including voice call establishment Metadata and time stamps, phone numbers as well as voice call duration Metadata and time stamps. The team also was able to get the codec used by WhatsApp to stream voice calls (Opus) as well as the relay server IP addresses that are used when making WhatsApp calls.