Security Threats for Instant Messaging Platforms

Global surveillance emerged as a phenomenon since the late 1940s and Internet and mobile technology are being developed with such pace that it is impossible to guarantee electronic privacy and nobody should expect it. How strong are the actual Instant Messaging Platforms? Do they take care of our security and privacy? We'll look inside the security of several clients (like BBM, Snapchat, Viber or Line) and will put our focus on WhatsApp.

WhatsApp might not be as widely known as Twitter, but the company announced that it has passed 400 million active monthly users. WhatsApp has been plagued by several security issues in the past, so we decided to start the research. We’ve discovered several vulnerabilities more that we'll disclosure (with proof of concept code), including encryption flaws, remote DOS (making the client crash by sending a custom message) or how to spoof messages manipulating sender address information.

Jaime Sanchez
Jaime Sanchez (@segofensiva) is passionate about computer security that has worked for over 13 years as a specialist advisor for large national and international companies. He works for Telefonica and holds a Computer Engineering degree and also Executive MBA, as well as holding several certifications like CISA, CISM, CISSP, just to name a few. He is a frequent speaker introducing new bugs, exploitation techniques and mitigation, as in RootedCON, Nuit du Hack, Black Hat Arsenal USA 2013, Defcon 21, DeepSec, BlackHat Sao Paulo, Shmoocon and many others. Frequent contributor on several technical magazines in Spain, involved with state-of-the-art attack and defense mechanisms, network security and general ethical hacking techniques, he also writes a blog called SeguridadOfensiva (, touching on current topics in the field of hacking and security.