A group of experts has conducted research that demonstrates the type of data that can be gathered through the forensic study of WhatsApp.
New research conducted by forensic researchers at the University of New Haven (F. Karpisek of Brno University of Technology in the Czech Republic, and Ibrahim Baggili and Frank Breitinger, co-directors of the Cyber Forensics Research & Education Group) is worrying the large community of WhatsApp users. The experts demonstrated that the popular messaging service WhatsApp collects data on phone calls, including phone numbers, call duration and other information.
“Our research demonstrates the type of data that can be gathered through the forensic study of WhatsApp and provides a path for others to conduct additional studies into the network forensics of messaging apps,” said Baggili.
The experts discovered that WhatsApp implements the FunXMPP protocol, a binary-efficient encoded Extensible Messaging and Presence Protocol (XMPP) for the near-real-time exchange of structured data.
The researchers decrypted the connection between the WhatsApp client and servers, and were then able to view the exchanged messages using a custom-made command-line tool they created for the analysis.
According to the boffins, this is the first time a research group has probed how WhatsApp uses signalling messages to establish voice calls.
The team focused its analysis on the signalling messages exchanged during a WhatsApp call established with an Android device. The experts studied the authentication process implemented by the WhatsApp clients and identified the codec WhatsApp uses for voice media streams: Opus at 8 or 16 kHz sampling rates.
Analysis of the traffic revealed which data the client sends to the servers while establishing a call. The data includes WhatsApp phone numbers, WhatsApp phone call establishment metadata, date-time stamps, and WhatsApp phone call duration metadata.
The researchers discovered much more: they examined how relay servers are announced and how the relay election mechanism works, how WhatsApp clients announce the endpoint addresses to use for media streaming, and which relay server IP addresses are used during the calls.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years' experience in the field, and he is a Certified Ethical Hacker at EC Council in London. His passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.
Pierluigi is a member of "The Hacker News" team and writes for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines.
He is the author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".