Cops around the world are warning parents about Momo game. in Argentina are currently investigating…
A Check Point study entitled “Reverse Engineering WhatsApp Encryption for Chat Manipulation and More” details the exploitation of security issues in WhatsApp.
“According to sources, WhatsApp, the Facebook-owned messaging application has over 1.5 billion users in over 180 countries. Given all the chatter, the potential for online scams, rumors and fake news is huge. Threat actors have an additional weapon in their arsenal to leverage the messaging platform for their malicious intentions”, — warn researchers.
It all began in 2018, when Roman Zaikin and Oded Vanunu experts reverse engineered the source code and were able to decrypt WhatsApp traffic. Then the experts discovered vulnerabilities in the messaging service.
In total, the researchers were able to identify three attack scenarios, each of which required the inclusion of social engineering to mislead users.
A threat actor may:
According to experts, they fear that such bugs may be used to spread misinformation – a very popular problem these days, by the way.
In other words, attackers can say any thing on behalf of users.
Read also: For protection against hackers’ attacks, VBScript in Windows 7 and 8 will be disabled
Check Point experts even created a special tool with which you can successfully exploit the aforementioned security problems. But even this did not attract proper attention from the parent company – Facebook.
A statement by the Internet giant claims that the problems described by Check Point have nothing to do with pass-through encryption vulnerabilities.
“We carefully reviewed this issue and it’s the equivalent of altering an email to make it look like something a person never wrote. This claim has nothing to do with the security of end-to-end encryption, which ensures only the sender and recipient can read messages sent on WhatsApp”, — a WhatsApp spokesperson said.
Meanwhile, the Check Point team has posted a video that demonstrates the operation of the described security issues:
Chernars.com is a domain that tries to force you into subscribing to its browser notifications…
Eclipse-adblocker.pro is a site that tries to trick you into clik to its browser notifications…
Initiateadvancedcompletelythe-file.top is a site that tries to force you into subscribing to its browser notifications…
Pbmsoultions.com is a domain that tries to trick you into clik to its browser notifications…
Prizestash.com is a site that tries to trick you into subscribing to its browser notifications…
Verifiedbreaking.com is a domain that tries to force you into subscribing to its browser notifications…