A Cybersecurity Firm Find A Way to Alter WhatsApp Messages

Cyber ​​Security Company announced that it found a loophole of WhatsApp, Facebook's proprietary mail service with 1.5 billion users. This is because the fraudster can change the content from the sender of the message already being provided,

By creating a pirated version of What & # 39; s App, the cheaters edited a "quote" that allows posters of messages to post messages and reply, saying that someone did not send the message You can give an impression. According to Check Point Software Technologies,

WhatsApp acknowledged that someone could manipulate the estimate function, but the company did not agree with the fact that it was acting from a defect. WhatsApp states that the system functions as expected, such as increasing the risk of privacy or slowing down services as a compromise to prevent fraud by checking each message on the platform. The company said it is working to find and delete someone using a fake WhatsApp application to disguise the service.

Carl Woog, WhatsApp spokesperson, says, "We are carefully considering this issue, which is equivalent to tampering with e-mail, check point found that only senders and recipients read messages It is said that it has nothing to do with WhatsApp 's end – to – end encryption security.

WhatsApp is the world's most used messaging application with 1.5 billion users on the platform. It's popular in terms of its service simplicity and security, even if it provides encryption, the user can not even know the contents of the message. Facebook bought WhatsApp for $ 19 billion in 2014.

However, the dissemination of erroneous information on that platform has been criticized in the last few months. In India, the wrong rumor that is prevalent about children's kidnappers via WhatsApp is leading to crowd violence. In Brazil there is a misunderstanding about the life-threatening response to the yellow fever vaccine being distributed with the messenger service.

Mr. Woog of WhatsApp said, "We are taking seriously the false challenge," restricting the possibility of sharing and tagging messages with different groups when the message is sent. But WhatsApp says the problem posed by Check Point is not related to efforts to reduce false alarms.

Checkpoint's vulnerability research officer Oded Vanunu said that the ability to modify messages has become a powerful tool to disseminate erroneous information from reliable sources to hackers. There is a particular problem in the group discussion and it is possible to participate up to 256 people. There are possibilities that several messages will arrive at the same time, he said, it will be easy to forget what someone said.

"The public believes in the integrity of the message," Mr. Vanunu said. "To avoid this simple operation, WhatsApp has to adapt.

At this time, the problem seems to be limited to discussion among security experts. WhatsApp and Check Point Software reported that regular users never saw making fake quote messages during discussion.

Check Point said he discovered a way to send a message to a specific person during a discussion in a group discussion. This guy is guided to believe that the whole group saw the message and responded accordingly.

WhatsApp says that most people are aware of the person sending messages about the service, with the concerns raised by Check Point in mind. The company said that 90% of all service messages are sent directly and most groups are composed of up to six people.

You can check the validity of the message by clicking the message enclosed in quotes. As long as the message is deleted or when the message is sent, the person will return to the discussion stage when the message was sent unless the person joins the chat.

WhatsApp said that the potential solution to this problem is not worth a try. One solution is to create transcripts for each message exchange to verify the accuracy of each estimate. The company says that the creation of such copies is a significant risk to privacy because the description of what people have written to himself should be stored somewhere.

Via: Techojas

Compsmag