3 ways to hack WhatsApp by exploiting flaws revealed by researchers; Watch video
Of the three flaws, only the third has been fixed by Facebook as of now.
Recently found vulnerabilities allow hackers to tamper with conversations. Researchers of Check Point Security Dikla Barda, Roman Zaikin and Oded Vanunu disclosed three methods of exploiting these flaws in Whatsapp.
The researchers pointed out that the bugs allowed attackers to intercept and manipulate messages sent in private and public group conversations. This allows them to spread misinformation from what people recognize as legible sources.
Watch this video to understand this better-
According to Vanunu, who spoke at the Black Hat conference in Las Vegas, Nevada, these vulnerabilities have existed for over a year now, despite them being disclosed in 2018. According to Financial Times, Facebook stated that the ‘bugs’ were the consequence of "limitations that can't be solved due to their structure and architecture."
The researchers even developed a tool that demonstrates the issue acting as Proof of Concept. The vulnerability can be exploited in three ways.
The first thing attackers can do is use the ‘quote’ feature in a group and change the sender’s identity.
The second way is altering a message by intercepting it via the tool while replying to it. The researchers described this way as ‘putting words in a contact’s mouth’.
The third is sending a ‘Private’ marked message to another group participant through the tool. The person will reply to the message which is ‘hidden’ to everyone else but as soon as he does, people will see it as a reply to the original message.
Of the three flaws, only the third has been fixed by Facebook as of now.
Theoretically the flaws could be used to spread fake news on a large scale very fast. The researchers developed the tool to bring to attention the issue so that they can tackle this problem.
Countries like India, Brazil, UK and Kenya suffer from large amount fake news spreading.
“WhatsApp is the most popular instant messenger in the world. These security flaws found in the app are indeed very serious, as they could result in group chat participants being humiliated by false messages. This does not mean that users should stop using WhatsApp, as, while security bugs are of course dangerous, they are not uncommon in any type of software. Yet, users should be very careful when contributing to group chats. In case of any doubt during correspondence, confirm the author’s identity in a private chat. We strongly recommend keeping an eye on when WhatsApp updates are released and downloading new versions immediately to stay secure,” – said Victor Chebyshev, security researcher at Kaspersky