You can now find Cyber Kendra on Google News | Telegram

Researcher Hack WhatsApp to Change Your Message

Whatsapp hacked shows change in the message content
Two security researchers from security firm Check Point demonstrated how Facebook-owned WhatsApp could be hacked to change the text of a message and the identity of the sender at Black Hat 2019 security conference.

On 7th August at Black Hat conference, Roman Zaikin, a security researcher, and Oded Vanunu, head of products vulnerability research, both at Check Point shown their research paper entitled 'Reverse Engineering WhatsApp Encryption for Chat Manipulation and More'.

According to the paper Zaikin and Vanunu along with another researcher Dikla Barda, managed to reverse engineer WhatsApp web source code and successfully decrypt the WhatsApp traffic. And for this they created a extension for Burp Suite, a web application testing tool.

Researchers explained three attack scenario of the bug which are:
  1. The ability to send a private message to another group participant, disguised as a public message, resulting in the “private” response from the targeted individual being visible to everyone in the conversation.
  2. The use of the “quote” function of a group conversation to change the identity of the message sender. A person who may not even be a member of the group in question.
  3. A method to enable the text of someone else’s reply to be altered to say whatever the attacker wants. The ultimate modern-day example of “putting words in someone’s mouth.”
Check Point reported the findings to Facebook Security team as a responsible disclosure, but Facebook only fixed first one from the list, leaving other two considering not a security bug.

Researchers had now published a video demonstrating the bug showing manipulation of the message content.
Regarding the bug, Facebook spokesperson says, “the scenario described here is merely the mobile equivalent of altering replies in an email thread to make it look like something a person didn’t write. We need to be mindful that addressing concerns raised by these researchers could make WhatsApp less private, such as storing information about the origin of messages.”

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.