Published: Sat, August 10, 2019
Electronics | By Kelly Massey

Whatsapp flaw could allow hackers to alter and manipulate messages

Whatsapp flaw could allow hackers to alter and manipulate messages

The first flaw looks to change how a message's sender is identified, allowing hackers to mis-attribute a message, with the second allowing third parties to change the text of a user's reply. In other words, unless Facebook gets access to the decrypted chat, which the company claims is not happening, a patch can't be implemented.

Send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it is visible to everyone in the conversation.

A team from cybersecurity firm Checkpoint has demonstrated how the tool can be used to alter the text within quoted messages, making it look as if a person had said something they did not. The firm was able to capture an outgoing message from WhatsApp and decrypt it.

What's concerning is that this is not actually a new discovery, because the researchers found these vulnerabilities in 2018 but WhatsApp has since only fixed the last of the listed vulnerabilities.

In a report presented Wednesday at the annual Black Hat security conference in Las Vegas, the researchers said that the vulnerabilities enable threat actors to intercept and manipulate messages to create and spread misinformation.

Mr Vanunu said his company is working with WhatsApp, but the other problems were hard to solve because of the messaging app's encryption.

Moscow Police Arrest Opposition Candidate Sobol Before Protest
Some pro-Kremlin politicians and officials have suggested that the West has helped orchestrate the protests. Germany has urged Russian Federation to immediately release protesters detained during earlier rallies.

Apparently, the threat actor uses WhatsApp's end-to-end encryption to its advantage.

The Facebook-owned chat app encouraged users to seriously consider updating their version of app to the very latest in the respective stores-App Store, Play Store and the likes. Another method alters the text of someone else's reply, essentially putting words in their mouth. This error in WhatsApp has added to the concern of users around the world.

Prevent the ability for users to quote reply a message sent prior to a new group member joining, which would also have problems.

"The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems", a WhatsApp spokesperson said in a statement per CNN.

"In case of any doubt during correspondence, confirm the author's identity in a private chat", he warned.

WhatsApp a year ago pointed out that it was possible for hackers to manipulate the "quote" feature but it was not a flaw related to its end-to-end encryption.

Like this: