Sci-tech

WhatsApp's Security Flaw Can Allow Hackers To Manipulate Your Messages

WhatsApp's Security Flaw Can Allow Hackers To Manipulate Your Messages”

WhatsApp has refused to fix a security flaw that allows hackers to spoof messages and make it look as if they are coming from someone else, nearly a year after a cybersecurity company warned that it could permit the spread of misinformation and fake news.

Check Point disclosed the flaws at the Black Hat 2019 security conference in Las Vegas, but it's worth noting that Facebook was notified sometime around the end of 2018, and has only managed to fix one of the three vulnerabilities - the one where you can be fooled into mixing public and private messages.

WhatsApp's "protobuf2 protocol" was converted to JSON to find out how the messages could be manipulated.

WhatsApp rejected the Check Point study saying the hacks were not a vulnerability with the security protocols of the instant messaging app.

According to the researchers, the vulnerability would enable threat actors to intercept and manipulate messages sent in private and also in the group.

In particular, the encryption technology used by WhatsApp made it extremely hard - perhaps impossible - for the company to monitor and verify the authenticity of messages being sent by users. This was done by reversing WhatsApp's decryption algorithm data. The scenario described here is merely the mobile equivalent of altering replies in an email thread to make it look like something a person didn't write. In June, WhatsApp was criticized as the source of fake news circulating around the India, Brazil, Kenya, and the UK.

The latest study reveals a complex but feasible method for hackers to conduct frauds through WhatsApp.

The first flaw looks to change how a message's sender is identified, allowing hackers to mis-attribute a message, with the second allowing third parties to change the text of a user's reply.

In a statement to IANS, a Facebook spokesperson said it reviewed the issue a year ago and found that it was "false to suggest there is a vulnerability with the security we provide on WhatsApp".

The Facebook-owned messaging app has more than 1.5 billion users and is used in 180 countries around the world; the average user checks the app 23 times a day. The vulnerability relies on the fact that a participant in the group can, of course, access the decrypted version of the messages.

"This does not mean that users should stop using WhatsApp".

"Yet, users should be very careful when contributing to group chats".

Rahul Tyagi, Co-founder, Lucideus said, "WhatsApp can prevent this by addressing the vulnerabilities and fixing them which WhatsApp denied the existence of".



Like this

loading...
loading...

Latest


09 August 2019
Israel Reveals Lost Franz Kafka Archive
About 15 years later Brod, also a Czech Jewish writer, was forced to flee Nazi-occupied Czechoslovakia for Tel Aviv in Israel . Eventually, Israel's Supreme Court sided with the library and ordered the papers to be handed over to them.

09 August 2019
Atlantic Hurricane Season Peak Could be Worse Than Predicted
A major hurricane is one that produces winds of 111 miles per hour or greater, which is at least category 3 hurricane. Forecasters now expect 10 to 17 named storms, with five to nine hurricanes and two to four major ones.

09 August 2019
Ashes 2019: Harris points finger at Anderson over fitness call
James Anderson broke down after just four overs at Edgbaston and did not bowl again as Australia romped to a 251-run victory.

09 August 2019
Sue Gordon Resignation Shows Trump Wants 'Personal Loyalty — Ex-CIA Boss
She has been a stalwart partner to the Senate Intelligence Committee, and I will miss her candor and deep knowledge of the issues. But Trump's plan to nominate Ratcliffe ran into a bipartisan wall of opposition from lawmakers who questioned his expertise.

09 August 2019
President Trump Visits Affected Shooting Areas in Dayton and El Paso
Patrick Crusius , 21, is charged with the shootings and faces a potential death penalty. Material from Reuters and The Associated Press was used in compiling this report .

09 August 2019
Pokemon Sword & Shield will have new 'Galarian Forms'
Earlier this week, The Pokemon Company announced that yet another Pokemon Sword and Shield reveal had been set for August 7th. Fret not, though, as this will be a guide that we'll keep updated whenever Nintendo announces more new Galarian Forms .

09 August 2019
Venice outlaws large ships from historic centre
In response to the crash, thousands of people marched in Venice to demand that cruise ships be kept out of the lagoon. The city receives between 25 to 30 million visitors each year, 14 million of them staying for just one day.

09 August 2019
Hero's welcome for deceased Vietnam War veteran
Knight's remains were recovered and identified by personnel assigned to the Defense POW/MIA Accounting Agency ". According to Proskow , "the entire airport fell silent" as the flag-draped casket holding the remains of Col.

09 August 2019
Frontier Airlines giving away free flights to people named 'Green' or 'Greene'
Refunds will be awarded to the original booking contact person on September 15, 2019. Return flights must arrive by 11:59 p.m. on August 20.

09 August 2019
You can now discover and listen to podcasts in Google Search
Not only this, publishers will have the option to choose a playback app or third-party website that will appear in search results. After it has been added, you'll be able to search podcasts using your smart speakers or using Google Assistant on your phone.