The H-Online: WhatsApp Sniffer is an app able to display messages from other WhatsApp users connected to the same network as the app user. The tool diverts all data traffic on, for example, a Wi-Fi network through the user’s smartphone and seeks out WhatsApp messages, which are transferred in plain text. All the user requires is a rooted Android smartphone.
The WhatsApp messaging service has established itself as an alternative to texting between smartphone users, because, unlike text messages, users only have to pay for data use. And if a user is in range of a free Wi-Fi point, then it is free to use.
But on public Wi-Fi networks, using WhatsApp turns out to be a very bad idea. Unlike, for example, iMessage, WhatsApp messages are transmitted in plain text, meaning that curious eavesdroppers, along with the intended recipient, can read them.
What previously would have required the use of a range of tools and some basic networking knowledge can now be performed at a stroke using WhatsApp Sniffer. The only way for users who have installed WhatsApp to avoid this is to refrain from using it on any Wi-Fi network that potentially untrusted users could be connected to.
The app uses ARP spoofing to divert all local network traffic through the smartphone. If it finds WhatsApp messages in this traffic, it displays them in a user-friendly conversation-style view. It displays both incoming and outgoing messages and can also display photos and video. A short test by The H’s associates at heise Security found that the tool performed just as promised.
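The redirection the article describes leaves a footprint on the network: the gateway's IP address suddenly answering from a different MAC, or one MAC claiming several IP addresses. The following script is an added example, not code from the article or from the app, and runs over a constructed list of ARP replies (the kind a passive ARP monitor records); all addresses and MACs in it are made up.

```python
"""Flag ARP-spoofing symptoms in a stream of ARP replies (added example)."""
from collections import defaultdict

# Constructed sample of (timestamp, sender IP, sender MAC) from ARP replies on a LAN.
SAMPLE_ARP_REPLIES = [
    (1, "192.168.1.1", "aa:bb:cc:00:00:01"),   # the real gateway
    (2, "192.168.1.20", "de:ad:be:ef:00:20"),  # an ordinary client
    (3, "192.168.1.30", "de:ad:be:ef:00:30"),  # another client
    (4, "192.168.1.1", "de:ad:be:ef:00:20"),   # gateway IP now answers from the client's MAC
    (5, "192.168.1.30", "de:ad:be:ef:00:20"),  # same MAC also claims the other client's IP
]


def detect_arp_spoofing(replies, trusted=None):
    """Return alert strings for suspicious ARP replies.

    replies: iterable of (timestamp, ip, mac) tuples.
    trusted: optional {ip: mac} of known-good bindings (e.g. the gateway),
             so a spoof of a trusted host is caught even on the first reply.
    """
    alerts = []
    # ip -> MAC we expect for it (trusted binding, else the first MAC seen)
    bindings = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    # mac -> set of IPs that MAC has claimed so far
    ips_by_mac = defaultdict(set)

    for ts, ip, mac in replies:
        mac = mac.lower()
        expected = bindings.get(ip)
        if expected is None:
            bindings[ip] = mac
        elif expected != mac:
            alerts.append(f"t={ts}: {ip} moved from {expected} to {mac} (possible ARP spoof)")

        claimed = ips_by_mac[mac]
        if claimed and ip not in claimed:
            alerts.append(f"t={ts}: {mac} now claims {sorted(claimed | {ip})} (one host posing as several)")
        claimed.add(ip)
    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoofing(SAMPLE_ARP_REPLIES,
                                    trusted={"192.168.1.1": "aa:bb:cc:00:00:01"}):
        print(line)
```

On a real network the same checks are what tools such as arpwatch perform continuously; a gateway MAC that changes without an infrastructure change is the classic sign that a client's traffic is being routed through someone else's device.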
WhatsApp Sniffer was originally available to download from Google Play, but was removed a few days ago. This may slow down its dissemination, but it is not going to stop it altogether – a search on Google quickly unearths the APK installation file. The DroidSheep app, which allows users to intercept Facebook sessions and other web services, was also recently removed from Google Play, but is still proving popular.