Last August, Check Point Research reported that a critical vulnerability in WhatsApp could theoretically allow an attacker to send messages on behalf of its users. The instant messaging app has yet to deploy a patch, as the firm clarified at Black Hat 2019, a conference dedicated to cybersecurity held in Las Vegas.
WhatsApp: How hackers can send messages for you
During its research, Checkpoint discovered up to three ways a hacker could cheat a WhatsApp user. First, the flaw allows Don’t miss the “quote” feature to change the sender ID. With this tactic, an attacker can make anyone say anything in a group chat.
Second, a hacker can also hack forwarded encrypted messages on WhatsApp. Specifically, an attacker can: falsify your message on your own. If other participants in the chat group will read an edited version of your message, you will still have access to the original message sent. In short, we will not notice anything.
Finally, a final tactic consists of convincing a user that they are responding to a private chat when this is not the case. The message can actually be seen in a large group. Fortunately, this last method is no longer available. WhatsApp’s parent company, Facebook, explains that it has fixed the problem. The social network, on the other hand, admits that it can do nothing to prevent the first two tactics from being abused.
This isn’t the first time security breaches have compromised WhatsApp users’ privacy. With a little patience, the attacker can identify, for example, which people you are chatting with. Worse, a flaw in WhatsApp servers is allowing hackers to spy on group conversations in 2018. According to Telegram co-founder Pavel Durov, WhatsApp is safe and never will be. He even believes that there is “In the ten years of WhatsApp’s existence, there is not a single day that this service is secure”.
Source : checkpoint
