WhatsApp is one the most used mobile messaging applications, counting more than 900 million users around the world in September 2015 . The app includes many features, such as text chat, group chat, photo sharing, voice sharing, video sharing, and voice calling, which make it highly popular. Furthermore, WhatsApp business model, which is based on a low-cost subscription model, make it a cheap alternative to traditional SMS solutions offered by cellular carriers, especially for international communication.
WhatsApp uses cellular phone numbers to automatically register a user to the service and to associate users with registered accounts. Using this feature, one can communicate with other WhatsApp users without having the need to create a friendship relationship beforehand. While on one hand this feature enables fast connection and communication setup, on the other hand malicious users can exploit it for realizing different types of attacks to single or multiple user accounts. For example, a malicious user can send spam messages , can send hoax messages , or can monitor users activity .
In this project, we want to have a better understanding of the networking protocol used by WhatsApp, so to analyze and validate its robustness. We want to see if malicious users can exploit possible weaknesses of the network protocol inventing other types of attacks that have not been yet considered.
The student should have average or advanced knowledge on Networking Protocols, Cryptography, and Programming. The first step towards our analysis consists on devising a way to decipher the encrypted WhatsApp messages, which are encrypted using the SSL/TLS protocol. To decrypt the messages we will use:
1. one Android smartphone where we will install the WhatsApp app;
2. one Linux machine that will act as proxy for the Android phone to connect to;
3. a man-in-the-middle proxy able to decrypt SSL/TLS traffic;
4. the Wireshark tool needed to sniff and analyze the network packets;
5. other tools discovered during the project.
The student will have the opportunity to:
1. Implement a simple application for Android OS;
2. Better understand how the Networking protocols are used in practice by big companies;
3. Improve knowledge on security and privacy;
4. Learn how to read and write scientific reports.