Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

No offense but what is the big deal about this...This seems to be extremely low risk if you can even call it a risk, and hardly a vulnerability..

Every method on your website to “exploit” this is retrieving IMEI number through alternative ways which would mean the phone would be compromised anyway...If someone can compromise the phone who cares about this?

Maybe whatsapp can be accessed more easily but isn't that moot if you already have phone access..If you have phone access already why would an attacker care about whatsapp?

Whatsapp is not necessarily insecure based on this..You are giving whatsapp bad publicity for no reason

I don't even think it's a design flaw that they used that as the password because if someone has phone access, and/or access to their number already then they are probably screwed anyway

please correct me if I'm missing the actual vuln here..



Your IMEI isn't secret: not random/hard to guess, and not private. It's like a MAC address. Except you can't change it.


This still seems minor. If someone is able to get the number doesn't that spell larger issues than whatsapp? I get the point being made and I understand the potential issue, but I don't see how its a major security problem with whatsapp as I figure things are probably compromised anyway if the user is able to get the IMEI to begin with


> If someone is able to get the number doesn't that spell larger issues than whatsapp?

No, since it's not a secret. Why would outing your IMEI spell large issues?


even if you have the users phone nurmber and imei nuumber one would assume u already have access to other info then anyway so who cares about whatsapp Can you easedrop on whatsapp sessions from another phone using this info?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: