The instant messaging platform WhatsApp is confident in and proud of its security and encryption features. However, researchers discovered a flaw during the annual Black Hat conference.
This flaw could allow anybody to send fake messages that look as if you had sent them.
According to Check Point Research, the newly found vulnerability can be exploited using three different methods.
Two of the methods make a message look as if someone else sent it.
A hacker can:
Change a sender's identity inside a group conversation by using the 'quote' feature, even if that person is not a group member.
Change the text of another person's reply, essentially putting words in someone else's mouth.
Check Point stated that it was also able to find a method to trick users into confusing public and private messages, although Facebook had already solved that issue.
Oddly, Facebook was also informed about these other flaws approximately a year ago. Apparently, Facebook did not consider a fix realistic.
Ironically, according to TNW, WhatsApp's end-to-end encryption appears to be hampering Facebook's efforts to repair this issue.
The researchers manipulated WhatsApp's web version, which lets users pair their mobile phones using a QR code.
By obtaining the public and private key pair, which is generated before the QR code is created, together with the 'secret' parameter that the mobile phone sends to WhatsApp Web while the user scans the QR code, the extension makes it easy to encrypt and monitor communications on the fly.
Once the web traffic is captured, which contains information such as the participants' details, the actual conversation and a unique ID, the researchers reported that the flaws enabled them to spoof message replies, change message content, and manipulate the conversation by replying to a message while substituting for the other person.
Most people are rarely at risk from these WhatsApp security flaws, particularly when they are just chatting with people they know and trust.
However, the growth of chat groups can potentially increase the risk of foul play.