WhatsApp hack : The hacking tool was revealed publicly during a briefing at the annual Black Hat security conference in Las Vegas on August 7.

WhatsApp hack attack can change your messages, says Israeli security firm

WhatsApp hack : Researchers from Israeli security company Check Point have revealed how Facebook owned WhatsApp’s could be hacked to change the text of a message and the identity of the sender.

The hacking tool was revealed publicly during a briefing at the annual Black Hat security conference in Las Vegas on August 7, news magazine Forbes reported on Wednesday. However, these vulnerabilities were revealed to WhatsApp last year but remain exploitable today.

In a presentation titled “Reverse Engineering WhatsApp Encryption for Chat Manipulation and More,” Roman Zaikin, a security researcher, and Oded Vanunu, head of products vulnerability research, both at Check Point, explained the process in detail.

In 2018, Vanunu, Zaikin and another researcher called Dikla Barda, managed to reverse engineer WhatsApp web source code and successfully decrypt the WhatsApp traffic. While creating an extension to Burp Suite, a web application testing tool, using the web functions they had found, to help with finding vulnerabilities in WhatsApp, the researchers found some vulnerabilities.

Three possible attack modes determined by the Check Point team, all exploiting social-engineering tricks to fool end-users and all giving an attacker the weapons required to intercept and manipulate WhatsApp messages.

Towards the end of 2018, Check Point Research notified WhatsApp about new vulnerabilities in the popular messaging application, the researchers said.

As of August 7, WhatsApp’s has only fixed the first on that list, according to the Forbes news report.

Check Point went as far as to state that “threat actors have an additional weapon in their arsenal to leverage the messaging platform for their malicious intentions.”

“We carefully reviewed this issue a year ago and it is false to suggest there is a vulnerability with the security we provide on WhatsApp,” a Facebook spokesperson told Forbes.

The spokesperson added that the scenario described here is merely the mobile equivalent of altering replies in an email thread to make it look like something a person didn’t write.

“We need to be mindful that addressing concerns raised by these researchers could make WhatsApp less private, such as storing information about the origin of messages,” spokesperson told Forbes.

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here