EXECUTIVE SUMMARY:
By essentially reverse-engineering Facebook-owned WhatsApp’s encryption method, security researchers have discovered opportunities for hackers to be able to manipulate messages and senders’ identities.
The New York Times reports that WhatsApp does not see this as a flaw, but as a tradeoff. “WhatsApp said the system was working as it had intended, because the trade-offs to prevent such a deception by verifying every message on the platform would create an enormous privacy risk or bog down the service.”
Researchers from Check Point Security, however, assert that cybercriminals can exploit the vulnerability to carry out three different types of attacks:
- Changing replies to falsify the intent of what someone has actually said
- Quoting a message in a reply to a group conversation to make it appear as if it came from a person who is not even part of the group.
- Sending a message to a member of a group that seems to be a private message. However, when the individual responds, the member’s response will be sent to the entire group.
Check Point believes this gives cyberattackers a powerful tool to spread false information – something that has been a major concern around the globe and has led to some tragic consequences.
As The New York Times reports, “In India, false rumors about child kidnappers circulating through WhatsApp led to mob violence. In Brazil, false stories about deadly reactions to vaccines for the yellow fever spread over the messaging service.”
Get the full story at The New York Times.