APPS
APPS
APPS
Vulnerabilities in WhatsApp allow hackers to manipulate group messages
Cybersecurity researchers at Check Point Software Technologies Ltd. have uncovered disturbing vulnerabilities in the Facebook Inc.-owned WhatsApp that allow malicious actors to intercept and manipulate group and individual messages.
The vulnerabilities, all of which involve social engineering tactics to fool users, can allow an attacker to alter the text of someone else’s reply. They also allow hackers to use the “quote” feature in a group conversation to change the identity of the sender, even if that person is not a member of the group. And they can send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it’s visible to everyone in the conversation.
Digging into the technical analysis, this isn’t a method that most people could easily tap into. WhatsApp messages are encrypted by default, but the problem lies in the ability to intercept the decryption key between parties who are participating in a group chat.
“The keys can be obtained from the key generation phase from WhatsApp Web before the QR code is generated,” the researchers explained. Following a number of other steps, they explain that “by decrypting the WhatsApp communication, we were able to see all the parameters that are actually sent between the mobile version of WhatsApp and the Web version. This allowed us to then be able to manipulate them and start looking for security issues.”
WhatsApp responded to the news, saying that “we carefully reviewed this issue and it’s the equivalent of altering an email to make it look like something a person never wrote.” It added that “the claim has nothing to do with the security of end-to-end encryption, which ensures only the sender and recipient can read messages sent on WhatsApp.”
The story comes at a time when WhatsApp is in the news as users in India and Bangladesh have been using the app to spread rumors and fake news that have resulted in rioting and in some cases actual lynching.
Photo: 140988606@N08/Flickr
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
