Sunday December 8, 2019
Home Lead Story WhatsApp Yet ...

WhatsApp Yet to Fix a Security Flaw That Allows Messages Manipulation

To demonstrate the severity of the vulnerability, Check Point even created a tool that allows it to decrypt WhatsApp communication and spoof the messages

0
//
whatsapp, paytm, UPI-based Pay service
FILE - The WhatsApp app logo is seen on a smartphone in this picture illustration. VOA

Even as rumours on WhatsApp have been linked to dozens of deaths in India, the Facebook-owned messaging app is yet to address a security flaw pointed out a year ago by Check Point, an Israeli security software firm.

According to security researchers, this vulnerability could be exploited in three ways, all of which involve social engineering tactics to fool end-users.

First, a bad actor could use the “quote” feature in a group conversation to change the identity of the sender, even if that person is not a member of the group.

Second, he/she could alter the text of someone else’s reply, essentially putting words in their mouth.

Third, a private message could be sent to a group participant disguised as a public message and when the targeted individual responds it becomes visible to everyone in the conversation.

Check Point informed WhatsApp in 2018 about the vulnerabilities, which would enable threat actors to intercept and manipulate messages sent in both private and group conversations, giving attackers power to create and spread misinformation from what appears to be trusted sources.

Notably, WhatsApp fixed the third vulnerability, which enabled threat actors to send a private message to a group participant disguised as a public message for all.

Conference, Privacy, Social Media
FILE – Silhouettes of mobile users are seen next to logos of social media apps Signal, Whatsapp and Telegram projected on a screen in this picture illustration. VOA

But it was still possible to manipulate quoted messages and spread misinformation from what appear to be trusted sources, said Dikla Barda, Roman Zaikin and Oded Vanunu, Security Researchers at Check Point, at the annual Black Hat security conference in Las Vegas.

In a statement to IANS, a Facebook spokesperson said it reviewed the issue a year ago and found that it was “false to suggest there is a vulnerability with the security we provide on WhatsApp”.

“The scenario described here is merely the mobile equivalent of altering replies in an email thread to make it look like something a person didn’t write. We need to be mindful that addressing concerns raised by these researchers could make WhatsApp less private — such as storing information about the origin of messages,” the spokesperson said.

To demonstrate the severity of the vulnerability, Check Point even created a tool that allows it to decrypt WhatsApp communication and spoof the messages.

Also Read: Tourism Ministry Slashes Visa Fees & Promote Foreign Language Sign Boards

“WhatsApp is the most popular instant messenger in the world. These security flaws are indeed serious, as they could result in group chat participants being humiliated by false messages,” Victor Chebyshev, security researcher at Kaspersky, told IANS.

“This does not mean that users should stop using WhatsApp. While security bugs are dangerous, they are not uncommon in any type of software. Yet users should be careful when contributing to group chats.

“In case of any doubt during correspondence, confirm the author’s identity in a private chat. We recommend keeping an eye on when WhatsApp updates are released and downloading new versions immediately to stay secure,” Chebyshev said. (IANS)

Next Story

WhatsApp to Support “Call Waiting” Feature

Meanwhile, the latest WhatsApp beta update has brought three new options for dark mode on the app

0
WhatsApp
Call waiting is available in v2.19.352 stable (APK Mirror) and above of WhatsApp, and v2.19.128 (APK Mirror) of WhatsApp Business. Pixabay

Facebook-owned WhatsApp has become the latest Voice over Internet Protocol services provider to support call waiting feature even as the company has skipped adding call holding for now.

When you’re already talking on the phone and another person tries to call you, most phones and operators let you know that you’ve got a call waiting. Very few VOIP services support that, though, and WhatsApp wasn’t among them until now, Android Police reported on Friday.

Earlier, when somebody would try to call you on WhatsApp while you were already on the phone, they would hear it ring, but, no one would answer. The call would then get disconnected.

Call waiting is available in v2.19.352 stable (APK Mirror) and above of WhatsApp, and v2.19.128 (APK Mirror) of WhatsApp Business, the report added.

WhatsApp
Facebook-owned WhatsApp has become the latest Voice over Internet Protocol services provider to support call waiting feature even as the company has skipped adding call holding for now. Pixabay

Meanwhile, the latest WhatsApp beta update has brought three new options for dark mode on the app.

The light theme would offer a white background. Dark theme, as the name suggests, would enable dark mode on WhatsApp, according to WABetaInfo, a fan website that tracks WhatsApp updates.

ALSO READ: Uber Receives 3,045 Cases of Sexual Assault in U.S. in Year 2018

Another option, which is ‘Set by Battery Saver’, dark mode would be activated only when the smartphone’s battery level drops below a certain point. This third option is said to be available only for smartphones running on Android 9.0 or older. (IANS)