What Will WhatsApp Leak About You?

Hello folks,

The new calling feature of WhatsApp allows quite a few details to be collected from the app’s network traffic, such as phone numbers and phone call duration.

The study regarding this was conducted at the University of New Haven’s Cyber Forensics Research & Education Group, and the results were outlined in a paper published in the scholarly journal, Digital Investigation. The article was co-authored by F. Karpisek of Brno University of Technology in the Czech Republic, Ibrahim (Abe) Baggili and Frank Breitinger, co-directors of the Cyber Forensics Research & Education Group at the University of New Haven.

“Our research demonstrates the type of data that can be gathered through the forensic study of WhatsApp and provides a path for others to conduct additional studies into the network forensics of messaging apps,”

said Baggili. The authors mentioned that decrypting the network traffic isn’t easy, as it requires both access to data on the device and the full network traffic.

“We decrypted the WhatsApp client connection to the WhatsApp servers and visualized messages exchanged through such a connection using a command-line tool we created… This tool may be useful for deeper analysis of the WhatsApp protocol,”

the paper read.

Baggili added that he would like to see others in the forensics community use their tools to

“analyze the network traffic of other popular messaging applications so that the forensic community can gain a better understanding of the forensically relevant artifacts that may be extracted from the network traffic, and not only the data stored on the devices.”

The researchers said that they believe they are the first to discuss “WhatsApp signaling messages used when establishing voice calls.”

Specifically, the researchers found that WhatsApp uses the FunXMPP protocol for message exchange, which is a binary-efficient encoded Extensible Messaging and Presence Protocol (XMPP) (WHAnonymous, 2015c).

The researchers analysed the exchange of signalling messages during a WhatsApp call taken from an Android device. This way they were able to examine the authentication process of WhatsApp clients; discover what codec WhatsApp is using for voice media streams (Opus at 8 or 16 kHz sampling rates); understand how relay servers are announced and the relay election mechanism; and understand how clients announce their endpoint addresses for media streams.

“Gaining insight into these signaling messages is essential for the understanding of the WhatsApp protocol, especially in the area of WhatsApp,”

During the calls they were able to gather a lot of information from the network traffic, including WhatsApp phone numbers, WhatsApp phone call establishment metadata and date-time stamps, and WhatsApp phone call duration metadata and date-time stamps. They also were able to acquire WhatsApp’s phone call voice codec (Opus) and WhatsApp’s relay server IP addresses used during the calls.


Happy messaging!

Source: Akati
