Friday , December 3 2021

WhatsApp vulnerability allowed hackers to manipulate messages, sender identification – Technology News, Firstpost


WhatsApp has been found to be infected with a vulnerability that allows hackers to manipulate messages as well as the identity of the sender.

The vulnerability was spotted by a Check Point study, which revealed that the loophole could have allowed hackers to spread misinformation and make it appear that the message came from a real source.

Researchers have reportedly discovered three attack modes that put WhatsApp users at risk. Exploitation apparently uses the "quote" function in a group chat to change the content of the message and the identity of the sender, whether the member is part of the group or not.

WhatsApp vulnerability allowed hackers to manipulate messages, sender identification


The vulnerability allowed hackers to modify the content of the message in the quoted text. The researchers said that while the original message remains the same, the quoted message will be easily misled.

(Also read: WhatsApp is reported to be working on a new Instagram-like boomerang feature)

The third attack mode also allowed hackers to send a personal message to a contact in the group, but when the recipient replies, the entire group sees it.

The video below was shared by the researchers to show how the attack works:

The vulnerability also allowed researchers to decipher a message that was supposedly protected by the end-to-end encryption model of WhatsApp.

According to the company, WhatsApp's end-to-end encryption only allows the sender and recipient of the message to read the text, and even the company is unable to access these messages. But this vulnerability is causing a loophole in this encryption model.

There are currently no reports of a hacker abusing this vulnerability. Researchers say they have informed WhatsApp about the same.

Find our entire collection of stories, in-depth analysis, live updates, videos and more about Chandrayaan 2 Moon Mission in our specialized domain # Chandrayaan2TheMoon.

Source link