WhatsApp messenger is used by about 1,5 billion users around the world. Therefore, the fact that attackers can use the platform to manipulate or falsify chat messages is quite alarming. The problem was discovered by the Israeli company Checkpoint Research, about this at the Black Hat 2019 security conference in Las Vegas.
As it turns out, the flaw allows you to manipulate the quote function by changing words, and can rephrase the user's original message, as well as send messages to groups instead of a specific person.
Researchers said they alerted WhatsApp to the flaws in August last year, but the company only fixed the third vulnerability. The other two remain active today, meaning they could potentially be used by attackers for malicious purposes. WhatsApp declined to comment. However, Facebook told researchers that the other two problems could not be resolved due to βinfrastructure limitationsβ in the application.
Note that the messenger is used in many countries, including India, where more than 400 million people use it. It is this prevalence that has made the app a platform for spreading harmful information, hate speech, fake news and various forms of explicit content.
And WhatsApp's end-to-end encryption makes it difficult to trace the source of information. At the same time, Checkpoint Research specialists showed the Checkpoint Research Burp Suit utility, which easily bypasses encryption and allows you to manipulate text. To achieve this, the researchers used the web version of WhatsApp, which allows users to link their phones using a QR code.
As it turned out, in the process of transferring the public key, it can easily be intercepted and gain access to the chat. And at the moment the problem remains relevant.
Source: 3dnews.ru