WhatsApp vulnerabilities allow others to fake messages

WhatsApp vulnerabilities allow others to fake messages

In the sample, the boss's message was altered to increase the supposed raise from $500 to $1,500.

A security firm, Check Point Software Technologies Ltd., has detected flaws in WhatsApp that will enable hackers to change the content of messages in both public and private conversations in three different potential ways.

Three possible attack modes determined by the Check Point team, all exploiting social-engineering tricks to fool end-users and all giving an attacker the weapons required to intercept and manipulate WhatsApp messages.

What is more worrying is that Facebook said that it isn't practical to fix the WhatsApp security flaw.

According to Vanunu, who spoke at the Black Hat conference in Las Vegas, Nevada, these vulnerabilities have existed for over a year now, despite them being disclosed in 2018. However, they did not find any vulnerability in the security that Facebook provides to its users. "We need to be mindful that addressing concerns raised by these researchers could make WhatsApp less private-such as storing information about the origin of messages", a Facebook spokesperson said. The exploitable element here is the web version of WhatsApp, which uses QR codes to pair to your phone.

Shweta Tiwari Accuses Husband Abhinav Kohli of Domestic Violence?
Abhinav was brought down to the police station around 1 pm and after that, the four of them were present there for almost 4 hours. In her complaint, Shweta pointed out the inappropriate behaviour of her husband, after which, he was called for interrogation.

In a blog detailing their findings, Check Point Research said that the security flaw means people can edit someone's reply, "essentially replacing words in their mouth". "We manage our private and professional life on this platform and it's our role in the infosec industry to alert on scenarios that might question the integrity", said Oded Vanunu, head of products vulnerability research at Check Point and one of the researchers who discovered the vulnerabilities.

One flaw involves WhatsApp's message quoting feature, by changing the sender of the message even if he/she is not a participant of the group.

Prevent the ability for users to quote reply a message sent prior to a new group member joining, which would also have problems. "Indeed, after decrypting the WhatsApp communication, we found that WhatsApp is using the "protobuf2 protocol" to do so".

We've reached out to Facebook for comment and will update if they get back to us with a more detailed explanation.

Researchers at Checkpoint disclosed the a trio of attack vectors previous year, explaining that they could enable a hacker to change a user's messages, change a sender's identity, and make private messages viewable to the public. "These security flaws found in the app are indeed very serious, as they could result in group chat participants being humiliated by false messages".