New Delhi: Following a global disclosure by Israeli cyber security firm Check Point highlighting vulnerabilities in messaging giant WhatsApp’s platform that can allow threat actors to intercept and manipulate messages sent in both private and group conversations, the authors of the firm’s research paper told
ET in an interview that given the mass usage of the application in India, it is recommended that end users be cognizant of the nature of information they share on WhatsApp.
“According to sources, WhatsApp, the Facebook-owned messaging application has over 1.5 billion users in over 180 countries,” authors of Check Point’s research paper Dikla Barda, Roman Zaikin and Oded Vanunu told
ET.
“The average user checks WhatsApp more than 23 times per day. In India WhatsApp has officially registered 400 million users. Given the mass usage of the app, and the vulnerabilities identified with a potential of intercepting and manipulating messages thereby spreading misinformation, it is recommended that the end users be cognizant of the nature of information they share on WhatsApp, especially when it comes to highly confidential and personal information,” they added.
The firm disclosed WhatsApp vulnerabilities at Black Hat, a cyber-security conference in Las Vegas on August 7.
The authors said the vulnerabilities give attackers the power to create and spread misinformation from what appear to be trusted sources and that the firm notified WhatsApp about them towards the end of 2018. The team observed three possible ways of attackers exploiting the vulnerability all of which involve social engineering tactics to fool end-users.
A threat actor may use the ‘quote’ feature in a group conversation to change the identity of the sender, even if that person is not a member of the group, alter the text of someone else’s reply, essentially putting words in their mouth or send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it is visible to everyone in the conversation.
“WhatsApp fixed the third vulnerability which enabled threat actors to send a private message to another group participant disguised as a public message for all. But, we found that it is still possible to manipulate quoted messages and spread misinformation from what appear to be trusted sources. We believe these vulnerabilities to be of the utmost importance and require attention,” the authors said.
Source: Economic Times
When we step abroad to study, work, and settle down in a brand-new world, domestic…
To view this video please enable JavaScript, and consider upgrading to a web browser that…
Emma Raducanu has signed up for the Hobart International as she continues to build her…
SINGAPORE: Li Yue Long and Tabitha Yeo delivered Singapore's maiden SEA Games gold in the…
The US President alleged Venezuela was using oil to fund drug trafficking and other crimes…
A local consumer advocacy group is calling on the Department of Trade and Industry (DTI),…