Slashdot Mirror


WhatsApp Flaw Could Allow Hackers To Modify, Send Fake Messages (nytimes.com)

A recently discovered flaw in WhatsApp could allow hackers to modify and send fake messages. Researchers at the Israeli cybersecurity firm Check Point said the vulnerability gives a hacker the possibility "to intercept and manipulate messages sent by those in a group or private conversation" as well as "create and spread misinformation." The New York Times reports: WhatsApp acknowledged that it was possible for someone to manipulate the quote feature, but the company disagreed that it was a flaw. WhatsApp said the system was working as it had intended, because the trade-offs to prevent such a deception by verifying every message on the platform would create an enormous privacy risk or bog down the service. The company said it worked to find and remove anyone using a fake WhatsApp application to spoof the service. "We carefully reviewed this issue and it's the equivalent of altering an email," Carl Woog, a spokesman for WhatsApp, said in a statement. What Check Point discovered had nothing to do with the security of WhatsApp's so-called end-to-end encryption, which ensures only the sender and recipient can read messages, he said.

For now, the issue appears limited to a discussion among security experts. Both WhatsApp and Check Point Software said they had not seen regular users creating fake quote messages in chats. Check Point said it also discovered a way within group chats to send a message to a specific individual within the discussion. That individual is tricked into believing that the whole group saw the message and responds accordingly. WhatsApp played down the concerns raised by Check Point, saying most people know the person who they are messaging on the service. The company said 90 percent of all messages on the service are sent in one-on-one conversations, and the majority of groups are six people or less -- making it less likely that an unknown person can infiltrate a conversation to trick other users.

11 comments

  1. Seems like it cancels out by SuperKendall · Score: 2

    I mean, if you are a hacker why bother to send a fake message if another hacker is just going to modify it.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  2. Not quite by sjames · Score: 3, Interesting

    It's not like I could send a message that looks like you sent it. It's just that I could craft a fake quote claiming to be from you and send that to someone, but they'll know I am the one that sent the "quote".

    So it's like every other communication method out there.

    We must do something to fix this spam issue.

    -- Abraham Lincoln

    1. Re: Not quite by Anonymous Coward · Score: 0

      Sounds like the biggest security hole the world has ever seen. Ohm Shaka Laka selah sama i

  3. Only apps can app apps! by Anonymous Coward · Score: 0

    This LUDDITE article full of LUDDITE lies is written by a LUDDITE hacker who's mad that they're too stupid to know how to app appy app apps like WhatsApp!

    Apps!

  4. WhatsApp? by Anonymous Coward · Score: 0

    What's this app?

    1. Re:WhatsApp? by Anonymous Coward · Score: 0

      Something used by low "T" girly men in Europe.

  5. Somebody's gotta do it by Anonymous Coward · Score: 0

    How else would that fake hacker get the fake messages to hack so he can hack fakes while he's fake hacking?

    And why do you dumb fucks keep on calling every fscking s'kiddie a "hacker"? It is officially an Uninformative word.

  6. 100% accident, 0% possibility that CIA/NSA uses it by Anonymous Coward · Score: 0

    because muh America and muh honesty.

    If you use American message apps, then nothing you write is private nor secure.

  7. The hard part... by Anonymous Coward · Score: 0

    ... is exactly decrypting the burp stream to turn it into beautified JSON. Figuring out variable names, and DB fields after that is EASY.