By Tarik El Barakah and Youssef Igrouane
Rabat – A Moroccan student discovered a loophole in the cross-platform mobile messaging app WhatsApp.
19-year-old Ahmed Lekssays illustrated how WhatsApp messages can be accessed via iOS system, which operates Apple’s phones and tablet devices, if the application file is transferred to a device running on Linux operating system.
“I knew that the bug is in Android, so I was just curious about it. Hence, I decided to look for it in iOS, and I found it,” Ahmed Lekssays told Morocco World News.
The loophole allows access to private WhatsApp messages, the list of names and telephone numbers even if the phone is protected by a user code or a password.
The WhatsApp security team thanked the young Moroccan student for discovering the loophole.
“Thanks for reaching out to us. Yes, if you lose control of your device/OAuth tokens or cookies for that matter, your session may be hijacked. As you know, WhatsApp creates a second backup of the phone’s contacts on its folder, so the contacts will be also copied.”
“We hope you continue to contact us with issues like this in the future. Thanks for helping keep WhatsApp secure!” the WhatsApp team added.
The young Moroccan had previously discovered another loophole in the Twitter application on iOS-operated devices.
Lekssays, a student of Computer Science at the University of Al Akhawayn in Ifrane, is a permanent member of the OWASP organization, an online community dedicated to web application security which includes corporations, educational organizations and individuals from around the world.
© Morocco World News. All Rights Reserved. This material may not be published, rewritten or redistributed without permission