A new WhatsApp vulnerability could allow attackers to spread fake news appeared to be sent from the trusted contacts.
WhatsApp is a most popular instant messaging app used by more than 1.5 billion users, it has been heavily targetted by scammers for spreading fake news. WhatsApp recently rolled out a new feature which indicates to user’s that the message they have received is the forwarded one.
Checkpoint researchers found a new WhatsApp vulnerability that allows an attacker that allows an attacker to intercept and change the messages that sent in both the private and group conversations.
Researchers managed to reverse the WhatsApp communication to see the parameters that sent between the mobile and the web version to manipulate the data.
Three possible methods observed in exploiting this vulnerability. Researchers published a Burp Suite Extension to manipulate the three possible methods.
With this method, attackers can spoof the reply message to mimic as another group member or the member, not in the group. All attackers need is to catch the encrypted traffic and use the Burp Extension to decrypt it.
To send a spoofed message the attacker needs to reply to the message he spoofed by quoting and changing that message to everyone in the group. The participant can be anyone, even not a member of that group. You can find the technical analysis details in checkpoint’s blog post.
With this attack the attacker able to manipulate himself as the message comes from some other person, all he needs is to manipulate the fromMe parameter in a message which indicates who sent the message.
The third attack method shows that it is possible to send a private message to a selected individual in the group chat, and if he replies it will be visible to everyone.
“Check Point Research informed WhatsApp of their findings. From Check Point Research’s view, we believe these vulnerabilities to be of the utmost importance and require attention.”
WhatsApp today rolled out a forward message feature which restricts the forwarding message capabilities to just 5 chats in one go.
Security Flaws Identified in WhatsApp Could Allow Attackers to Spy on Group Chats
OMG: Fake WhatsApp Android App Downloaded Over 1 Million People’s
Whatsapp Blocked In China After Google And Facebook
LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series A funding led by Glilot+, the…
Hackers use deep fake AI photos to impersonate individuals online, allowing them to deceive, manipulate, or gain unauthorized access to…
Cuttlefish is a new malware platform that has been identified to be active since at least July 2023. This malware…
Multiple vulnerabilities have been discovered in ArubaOS that affect HPE Aruba Networking devices, including Mobility Conductor, Mobility Controllers WLAN Gateways,…
While facilitating remote work, remote desktop software presents security challenges for IT teams due to the use of various tools…
A group of hackers has claimed responsibility for infiltrating several servers belonging to the United Arab Emirates government. The announcement…