Media reaction on Whatsapp bugDate: 2013-08-03 13:53:58
In july 2013 we published a way to abuse the popular chat software Whatsappto get payment information from google wallet and Paypal.
This means an attacker could intercept the first request via a suitable man-in-the-middle attack and successfully redirect the user to any Webpage when the user is trying to buy Whatsapp credit. To gain useraccounts the attacker could setup a fake Google-Wallet or Paypal Systems page to harvest user accounts. It might even be possible to gather directly money through this, for instance let the user pay the 0,99 cents via Google Wallet or Paypal to the account of the attacker
The article has shown some media reactions for example at heise.de, zdnet.deund techweekeurope.co.uk