A talented 19-year-old Moroccan student has reported a potential security bug in WhatsApp for iOS, the smart young man called “Ahmed Lekssays” succeeded to access WhatsApp messages by copying the app files to Linux operating system.
The loophole grants access to private WhatsApp messages, list of names and telephone numbers even if the phone is already protected by a user code or a password. The official security team of WhatsApp has confirmed the security breach via an email as a reply to Ahmed’s notification about it:
Thanks for reaching out to us. Yes, if you lose control of your device/OAuth tokens or cookies for that matter, your session may be hijacked. As you know, WhatsApp creates a second backup of the phone’s contacts on its folder, so the contacts will be also copied.
We hope you continue to contact us with issues like this in the future. Thanks for helping keep WhatsApp secure!
The talented young student has previously discovered another loophole in Twitter app for iOS.
“Lekssays”, is now studying Computer Science at the University of Al Akhawayn in Ifrane, is a permanent member of the OWASP organization, an online community dedicated to web application security which includes corporations, educational organizations and individuals from around the world.