WhatsApp Stores 2FA Codes in Plain Text
Back in 2017, WhatsApp introduced two-factor authentication (2FA) to provide an extra layer of security for millions of messenger users. However, it was recently discovered that there is a serious flaw in the implementation of this feature.
According to reports from Twitter users, WhatsApp stores security codes for two-factor authentication in unencrypted form. On iOS devices, these codes are located at /var/mobile/Containers/Data/Application/Whatsapp/Library, and on Android devices at /data/data/app/com.whatsapp/shared_prefs/com.whatsapp_preferences.xml.
The text file containing the code is stored in the app’s sandbox, so other, non-privileged applications cannot read it. Additionally, a copy of the file is not included in regular WhatsApp backups. On the other hand, the codes are readable on Android devices whose owners have root access: any app running with superuser privileges can open the file containing the code. On iOS, there may also be vulnerabilities that allow third-party apps to reach the file, so WhatsApp developers should encrypt it to prevent possible negative consequences.
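To make the weakness and the fix concrete, here is an added example (not WhatsApp's code and not taken from the article) that parses a shared_prefs-style XML file, flags a sensitive string preference stored as readable text, and shows the hardened alternative: keeping only a salted PBKDF2 verifier of the PIN. The XML sample and the key name `two_factor_pin` are constructed; the real file's key names are not given on the page. If the app only needs to check what the user types, a hash like this is enough; if it must recover the value, it should encrypt it under a key held in the platform keystore instead.

```python
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET
from typing import Dict, Optional

# Constructed sample, modelled on the Android shared_prefs layout described
# in the article. "two_factor_pin" is a hypothetical key name.
PLAINTEXT_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="two_factor_pin">123456</string>
    <string name="registration_jid">constructed@s.whatsapp.net</string>
    <boolean name="two_factor_enabled" value="true" />
</map>
"""

# Hypothetical list of preference keys that must never be stored readable.
SENSITIVE_KEYS = {"two_factor_pin"}


def plaintext_secrets(prefs_xml: str, sensitive_keys=SENSITIVE_KEYS) -> Dict[str, str]:
    """Return {key: value} for sensitive <string> prefs stored as readable text."""
    root = ET.fromstring(prefs_xml)
    found = {}
    for node in root.findall("string"):
        name = node.get("name")
        if name in sensitive_keys and node.text is not None:
            found[name] = node.text
    return found


def hash_pin(pin: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> dict:
    """Derive a verifier from the PIN; the PIN itself is never written to disk."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations, dklen=32)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_pin(record: dict, candidate: str) -> bool:
    """Recompute the derived key for the candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        candidate.encode(),
        bytes.fromhex(record["salt"]),
        record["iterations"],
        dklen=32,
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def hardened_prefs(record: dict) -> str:
    """Render the hashed record in the same shared_prefs XML shape, PIN-free."""
    root = ET.Element("map")
    for field in ("salt", "hash"):
        el = ET.SubElement(root, "string", name=f"two_factor_pin_{field}")
        el.text = record[field]
    ET.SubElement(root, "int", name="two_factor_pin_iterations",
                  value=str(record["iterations"]))
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("weak file exposes:", plaintext_secrets(PLAINTEXT_PREFS))
    rec = hash_pin("123456")
    print("hardened file exposes:", plaintext_secrets(hardened_prefs(rec)))
    print("verify correct PIN:", verify_pin(rec, "123456"))
    print("verify wrong PIN:", verify_pin(rec, "654321"))
```

Running the script shows the plaintext file leaking the PIN while the hardened file yields nothing readable, yet the app can still confirm the user's entry. A root-level reader of the hardened file would have to brute-force the PBKDF2 verifier rather than simply read the code, which is exactly the exposure the article asks WhatsApp to close.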