- Some time has passed since the launch of our project whatsappvoyeur, and through it we have been able to observe WhatsApp and its reactions and changes regarding security.
- We have to happily admit that WhatsApp is improving, albeit timidly, in response to the joint message that all of us IT security researchers are trying to get across to them in a friendly and constructive way, although we understand it may be uncomfortable for them: over all this time we have shown that WhatsApp had a lot to improve, and we know they listen to us because they always react in some way after we publish our findings.
- It would be a pleasure for any researcher to be able to work hand in hand with the people at WhatsApp in order to achieve a service that is more careful with privacy and security. They know they can count on our direct and open collaboration, and that our wish is not to harm startups but to defend users' rights and achieve higher-quality services for everyone.
- Regarding my last announcement, we are glad to report that WhatsApp has started to implement a "banning" mechanism against abusive requests made from the same account; whatsappvoyeur uses multiple accounts to make its requests as gently as possible so as not to saturate any of them, and we also have the ability to create new accounts in a virtually unlimited way, but we must acknowledge that some accounts have already been blocked, and this makes us happy since it means a considerable increase in the level of difficulty.
- We believe this increase in difficulty will prevent average spammers from stealing our WhatsApp profile data en masse, or from generating lists of valid numbers that could later be used to send spam on WhatsApp.
- However, we are still concerned about the fact that WhatsApp profile data remains totally public, and there is no contact authorization mechanism available. This is the reason why the existence of whatsappvoyeur is still possible.
- We also remain concerned because WhatsApp's servers continue to receive and store our complete address book, including the phone numbers of people who do NOT have WhatsApp, which violates some privacy and data protection laws. In fact, the data protection authorities of Canada and the Netherlands are processing complaints against WhatsApp for this reason (http://blog.segu-info.com.ar/2013/01/whatsapp-acusada-en-holanda-y-canada-de.html)
- All of these problems can be resolved with an in-depth redesign of WhatsApp's operating model and data handling, and we hope they are already working on it because other applications such as Spotbros or Line are gaining followers very quickly, and one of their strong points is precisely greater security.
- We hope someday to be able to announce the happy news that WhatsApp has resolved these weaknesses in its data model. We will always be open to collaborating with them and to offering them advice as independent consultants.
- alist3r - whatsappvoyeur.com
- ======
- It has been some time since we launched whatsappvoyeur, and through this project we have been observing WhatsApp's evolution, reactions and changes in its security design.
- We happily admit that WhatsApp is improving, although in a timid manner, in response to the joint message that all the IT security developers have been trying to convey to them in a friendly and constructive way, although we understand that those messages could be uncomfortable for them: we have demonstrated repeatedly over all this time that WhatsApp must improve a lot, and we know that they listen to our messages and know about our discoveries because they always somehow react after we announce them.
- It would be a pleasure for any IT security researcher if WhatsApp would give us the opportunity to work hand in hand with them in order to achieve a service that would be more careful with privacy and security. They must know that they can count on our direct and open collaboration, since our goal is not to harm WhatsApp nor any startup, but to defend the rights of the users, keeping them safe on the net, and aiming towards higher quality services, resulting in a higher profit for all parties.
- Regarding changes since our last announcement, we are happy to report that WhatsApp has started to enforce a banning mechanism against abusive use (bulk queries) of a given account.
- This affects whatsappvoyeur partially, since we use several accounts to manage your queries in order to soften the overload of a given account, and moreover we have the ability to create new accounts virtually endlessly, but we have to admit that some accounts have already been blocked, which makes us so happy because that means a considerable increase in the difficulty level.
- We think this increase in difficulty will render the average spammer unable to mass-harvest our WhatsApp profile data and/or build valid number lists that could be used for targeted and highly efficient message spamming through WhatsApp.
- Nevertheless, we are still afraid of the fact that WhatsApp profile data is still (aw)fully public, and there is no contact authorization mechanism implemented whatsoever yet. This is why whatsappvoyeur's existence and functionality are still possible.
- We are also still worried because WhatsApp's servers continue receiving and storing our entire contact lists, including the phone numbers of people who are not WhatsApp users, which violates some privacy and data protection laws in several countries. In fact, data protection authorities from Canada and the Netherlands have been preparing official complaints against WhatsApp after previous investigation and analysis.
- (http://www.usnews.com/news/technology/articles/2013/01/29/canada-holland-whatsapp-violates-privacy-norms)
- All these problems can be resolved with a deep redesign of WhatsApp's data model and data workflow, and we hope they are already working on it because other apps and services like Spotbros and Line are quickly gaining ground and increasing their user base, and one of the key points those apps are relying on to defeat WhatsApp is better security.
- We would love to announce the happy news about WhatsApp solving all those weaknesses in its design, someday. The IT security researchers will always be open to collaborating with WhatsApp and giving them advice as independent consultants.
- alist3r - whatsappvoyeur.com