WhatsApp Messenger is without a doubt one of the most important applications currently available in the application stores, hackers know this and take full advantage to try to find exploits inside it. In this idea, a German researcher discovered that the authentication protocol used when sending messages is vulnerable and can be exploited to allow a hacker to take over your identity and account for the WhatsApp system.
The 'user authentication when sending or receiving messages is crackable, it allows a stranger to take full possession of an account by sending WhatsApp messages or reading any replies. Any user who wants to send a message, or check if he has unread messages on the server authenticates using a "password" generated automatically by the software. The password is not readily amenable because it is based on the IMEI number of smartphones rather than Apple or MAC Address for Apple users, the identifier of the cell is then reversed and it generates the MD5 hash code.
The problem is that the password generated by the application for the authentication system is based on information about the IMEI of the terminals or the Mac address, and a skilled hacker can transform those numbers into the unique password used for your terminal. The same is valid for discovering the username, and a person who has a sniffing system on a public router could steal many accounts of users who do not suspect anything at all.
Here you have detailed information about how the application can be exploited and I recommend you to be careful which public hotspots you use.
