WhatsApp rubbishes the allegations
In one of the biggest talking points, Cybersecurity researchers at Check Point claimed to have found out multiple flaws in WhatsApp, which is the leading instant messaging app in the world. As per the researchers, the three-pronged vulnerabilities could violate the identity of the sender as well as alter the nature of someone else’s reply. Also, it might send a private message to a group.
The researchers also inform that they passed on these vulnerabilities to WhatsApp last year but the instant messaging company only worked on the last hack and did not bother about the other two issues.
The researchers showed that the hackers could access encrypted traffic to impersonate another group member and then proceed to send it an extension to decrypt the original content. Also, the hackers can reply to any spoofed message in the group, despite the fact that the original message to the reply never existed.
When we look at the second vulnerability, we see that it allows hackers to change the message sent by the sender back to himself. As per the researchers, they exploit “fromMe” parameter used in WhatsApp messages. This parameter in question is used to identify who the original sender of the message is.
Responding to these findings, WhatsApp said that the so-called vulnerability was similar to altering email replies and that they were not vulnerabilities as far as the security protocols of the instant messaging app is concerned.
“We carefully reviewed this issue a year ago and it is false to suggest there is a vulnerability with the security we provide on WhatsApp. The scenario described here is merely the mobile equivalent of altering replies in an email thread to make it look like something a person didn’t write. We need to be mindful that addressing concerns raised by these researchers could make WhatsApp less private – such as storing information about the origin of messages,” said a WhatsApp spokesperson as quoted by Hindustan Times.