My Thoughts on Technology and Jamaica: How CheckPoint Security says Hackers can read and send Whatsapp messages

Wednesday, August 8, 2018

How CheckPoint Security says Hackers can read and send Whatsapp messages

“We carefully reviewed this issue and it's the equivalent of altering an email to make it look like something a person never wrote.....This claim has nothing to do with the security of end-to-end encryption, which ensures only the sender and recipient can read messages sent on WhatsApp”

Whatsapp spokesperson commenting on research done by Israeli cybersecurity firm CheckPoint on Faking Whatsapp messages

Looks like Whatsapp may not be as secure as they claimed.

Researchers at Israeli cybersecurity firm CheckPoint Security have discovered …(or rediscovered?) a very serious vulnerability in Whatsapp as outlined in the article “Researchers find flaw in WhatsApp”, published August 8, 2018,

Google Logo

Announced today Wednesday August 8th 2018, they flaw apparently allows hackers to do the following:

1.      Intercept messages in Group or Private conversations
2.      Modify and send fake messages in Group or Private conversations

Founded in 2009 and purchased by Facebook in 2014, WhatsApp said that at the beginning of the year, Whatsapp had more than 1.5 billion users who exchanged 65 billion messages per day. Most of these messages, however, are not monitored and cannot be monitored due to Whatsapp's Secure E2EE (End To End Encryption).

 As such, anyone can spread spam and misinformation, often with unforeseen consequences that most smartphones uses may not notice, as computers are not held in the same regard as smartphones. 

Google Logo

Whatsapp is also a haven for transactional sex between teenage girls and older men as noted in my MICO Wars blog article entitled “How WhatsApp is fuelling Transaction Sex among Jamaican Teenagers”.

Whatsapp, for its part, has made a few changes in order to tackle the challenge of misinformation:

1.      Placing a limit on forwarding content
2.      Adding a label to forwarded messages
3.      Making changes to group chats

 So how is this possible?

Whatsapp vulnerability - How Hackers can access your personal info

First thing first, this does not mean that Whatsapp's E2EE (End To End Encryption) is broken or hacked.

Still, it is possible that Whatsapp can share their encryption keys with spy agencies as outlined in my Geezam blog article entitled “WhatsApp and Facebook Messenger may be sharing E2EE Keys with the NSA”.

However, this is not the case….

Rather, what hackers have really taken advantage of is the propensity for people to click on a specially designed website link as explained in my Geezam blog article entitled “How Check Point says Hackers can gain remote access to WhatsApp and Telegram”.  

Google Logo

Clearly this is not a new hack……CheckPoint Security has warned about this before and is now more relevant in the face of the recent Facebook-Cambridge Analytics Scandal as noted in my blog article entitled “How the Facebook Data Scandal involving Cambridge Analytica is a Storm in a Teacup”.

These website links are often send around propagating all kinds of false rumours and are use to gather data or may even be embedded in a funny video, such as a cute cat video.

Once it goes viral and people click on the link or video, it will instead allow hackers to install a Trojan as well as create backdoors in your smartphone by taking advantage of vulnerabilities in Android as explained by CheckPoint Security in my Geezam blog entitled “Check Point warns of Android malware Gooligan, a sign of AI’s approach in 2017”. 

Then the hacker can access your smartphone and download all information including you contact list and emails. They can even get access to stored credit cards and install a keylogger to record all of your keystrokes, capturing your password and login for various apps, all thanks to weaknesses inherent in the smartphone OS.

Google Logo

Even worse, they can login and use your phone to remotely send messages via the backdoor created using the specially designed website link using your own Whatsapp number. In essence, they hackers can potentially turn your phone into a member of a botnet.

Hackers can then forwarding the website link to other smartphone users, causing more people to click on the infected weblink or funny cat video. Then they can make money this way by harvesting your contact information and reselling resell this information to hackers or just use it to scam people.

Facebook and Whatsapp - Backup Whatsapp and Update with latest version

Facebook is currently under pressure about the lack of regulation on Whatsapp, especially as it relates to forwarding messages in groups. 

Google Logo

These groups can spread misinformation, often resulting in people taking action that may not be warranted, often with dangerous results, as this ad from BCJ (Broadcast Commission of Jamaica) warns.

It’ll be interesting to see how Jamaicans react to this latest bit of news.....and well as what changes Whatsapp will implement. For now the best remedy is to backup Whatsapp and install a fresh updated copy of this popular Mobile Social Media App.

No comments: