- WhatsApp, the Facebook-owned messaging service with over a billion users, appears to suffer from critical vulnerabilities that anyone can exploit, putting all users at risk.
- The quote feature was discovered to be exploitable in groups, allowing anyone to be quoted even if the person is not a member of the group.
- The vulnerabilities can lead to a rise in misinformation on the platform if they are left unpatched for too long.
With fake news on the rise on the popular social messaging app WhatsApp, security company Check Point Research identified some critical vulnerabilities that can make matters worse for the Facebook-owned app. The security company identified three different methods of intercepting messages, which can lead to a rise in misinformation on the platform. All three of the methods make use of social engineering tactics, allowing users to alter the text of replies.
The research team at Check Point managed to identify the encryption method used by WhatsApp and used three manipulation methods to intercept conversations. By converting the protobuf2 encryption data to a different platform, the security researchers were able to send and manipulate the encryption keys to examine WhatsApp’s security methods.
The first manipulation method involves spoofing replies in conversations to impersonate other group members or non-existent members. The second method involves manipulating the chat messages by sending replies to oneself on someone else’s behalf. The last manipulation method involves sending messages to select users in a group only. The messages can be intercepted before they are actually sent to the WhatsApp servers, and some data can be tweaked to choose which members of a group get access to what you send them.
All three vulnerabilities have been detailed, including a step-by-step process that explains how attacks can take place on WhatsApp. Check Point also explained the encryption and decryption process of the app and how they can be manipulated to a user’s liking.