Remember meForgot password?
    Log in with Twitter

article imageNew tool exploits WhatsApp and 'puts words in your mouth'

By Tim Sandle     Aug 8, 2019 in Internet
A new piece of software latches onto a flaw with Facebook's WhatsApp and enables an exploiter to alter text and make out that someone has written something which they have not. This flaw presents a cybersecurity weakness.
The new tool builds upon a vulnerability in Facebook’s WhatsApp, Bloomberg reports. It has been reported on by researchers from cybersecurity firm Checkpoint, who show how text within quoted messages can be changed. The risk is, Oded Vanunu from Checkpoint, tells the BBC that malicious actors can manipulate conversations on the platform. The software additionally allows an attacker to change the names of people sending content in group chats. This makes it possible to attribute a comment to a different source.
Vanunu states: "It’s a vulnerability that allows a malicious user to create fake news and create fraud. You can completely change what someone says...You can completely manipulate every character in the quote."
Checkpoint first raised the issue at the Black Hat cyber-security conference in Las Vegas to Facebook in 2018. Surprised that Facebook seem to have done nothing about the WhatsApp vulnerability, the Israel-based company have re-issued their concern. The concerns could be significant given that WhatsApp has some 1.5 billion users, and the ostensibly free service is used for personal conversations, business communications and political messaging.
In an open letter to Facebook, Checkpoint Research write: "'Towards the end of 2018, Check Point Research notified WhatsApp about new vulnerabilities in the popular messaging application that would enable threat actors to intercept and manipulate messages sent in both private and group conversations, giving attackers the power to create and spread misinformation from what appear to be trusted sources. We believe these vulnerabilities to be of the utmost importance and require attention."
Facebook, however, are disputing the issue, according to The Daily Telegraph. A Facebook spokesperson writes: "A Facebook spokesman said: “We carefully reviewed this issue a year ago and it is false to suggest there is a vulnerability with the security we provide on WhatsApp."
More about whatsapp, Bug, cyber issue, Facebook
Latest News
Top News