WhatsApp photo book vulnerability: 69,000 chats were freely accessible on the Internet



The WhatsApp photo book provider Zapptales has been criticized. A leak in the provider’s desktop software made 69,000 chats freely accessible on the Internet.

Zapptales allows you to print your WhatsApp chat as a photo book. (Source: Netzwelt)

  • The provider Zapptales enables you to create photo books from your WhatsApp chats.
  • A bug in the desktop software allows access to the uploaded chats.
  • The vulnerability has been closed. The researchers remain critical of the provider.

Anyone who has used the provider Zapptales in the past few months to print their WhatsApp chats may now have an uneasy feeling in their stomach. The research group "Zerforschung" discovered a leak in the provider's desktop software that allowed attackers to access uploaded chats. According to the group, around 69,000 WhatsApp accounts are said to be affected.

The vulnerability was NOT exploited

The problem: The software's source code contained a so-called token, which is used to authenticate users. In this case, however, it gave the group access to the provider's cloud storage. There, the security researchers had access to the chats, voice messages and images that WhatsApp users had uploaded, all stored unencrypted. They were able to access a full 21 terabytes of data.

After Zerforschung reported its find to the Bavarian State Office for Data Protection Supervision and informed Zapptales, the leak was closed immediately. In addition, according to the provider, investigations have shown that the vulnerability was not actively exploited.
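A pre-release check for the kind of flaw described above, a credential embedded in shipped client code, written as an added example that is not code from Zapptales or Zerforschung: it flags high-entropy string literals assigned to credential-like names. The article does not give the token's format, so the name patterns, the entropy threshold and the sample bundle are assumptions constructed for illustration.

```python
import math
import re

# Assumption: a credential shows up as a quoted literal of 16+ characters
# assigned to an identifier (name = "..." or name: "...").
ASSIGNMENT = re.compile(
    r"""(?P<name>[A-Za-z_]\w*)\s*[:=]\s*(?P<q>["'])(?P<value>[^"']{16,})(?P=q)"""
)
# Assumption: identifier fragments that suggest a credential.
SENSITIVE_NAME = re.compile(r"token|secret|passw|api_?key|credential", re.I)
# Values that are references or dummies, not real secrets.
PLACEHOLDER = re.compile(r"^(?:<.*>|\$\{.*\}|changeme.*|your[-_ ].*)$", re.I)


def shannon_entropy(s):
    """Bits per character; random tokens score high, words and filler low."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def find_embedded_secrets(source, min_entropy=3.5):
    """Return (line number, identifier, 4-char preview) for each suspect literal."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in ASSIGNMENT.finditer(line):
            name, value = m["name"], m["value"]
            if not SENSITIVE_NAME.search(name):
                continue  # identifier does not look credential-related
            if PLACEHOLDER.match(value):
                continue  # injected at build or run time, not hardcoded
            if shannon_entropy(value) < min_entropy:
                continue  # too regular to be a generated token
            # Never echo the full secret into CI logs: preview only.
            findings.append((lineno, name, value[:4] + "..."))
    return findings


# Constructed sample standing in for a desktop client's bundled source.
SAMPLE_BUNDLE = '''\
const appName = "photo-book-desktop-client";
const uploadEndpoint = "https://storage.example.invalid/upload";
const storageToken = "q7Zp2LmX9vRk4TbN8sWd3YhC6fJe1UaG";
const apiKey = "${UPLOAD_API_KEY_FROM_ENV}";
const sessionSecret = "aaaaaaaaaaaaaaaaaaaaaaaa";
'''

if __name__ == "__main__":
    for lineno, name, preview in find_embedded_secrets(SAMPLE_BUNDLE):
        print(f"line {lineno}: {name} = {preview} looks like an embedded credential")
```

Run against the files that actually ship to users (the packaged bundle, not only the repository), since anything in the client can be read by whoever installs it.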

Zerforschung remains critical

Even if the loophole was closed quickly, Zerforschung continues to be critical of Zapptales’ approach. The provider promises an encrypted transmission of the data. In fact, the upload is also encrypted using SSL. However, this is not enough for the researchers.

“So it would be technically possible to encrypt the data as far as possible so that zapptales has no insight into the chats until the final print job. Then in this case we would have found a bucket full of encrypted files that we can’t do anything with,” the group writes on its website. In addition, the group criticizes that contacts cannot check whether their chats have been uploaded.

Zapptales itself has confirmed the vulnerability in a blog post and promises to further increase security.
