“We
carefully reviewed this issue and it's the equivalent of altering an email to
make it look like something a person never wrote.....This claim has nothing to
do with the security of end-to-end encryption, which ensures only the sender
and recipient can read messages sent on WhatsApp”
Whatsapp spokesperson
commenting on research done by Israeli cybersecurity firm CheckPoint on Faking
Whatsapp messages
Looks
like Whatsapp may not be as secure as they claimed.
Researchers
at Israeli cybersecurity firm CheckPoint Security have discovered …(or
rediscovered?) a very serious vulnerability in Whatsapp as outlined in the
article “Researchers
find flaw in WhatsApp”, published August 8, 2018, Physorg.com.
Announced today Wednesday August 8th 2018, they flaw apparently allows hackers to do the following:
1. Intercept
messages in Group or Private conversations
2. Modify
and send fake messages in Group or Private conversations
Founded
in 2009 and purchased by Facebook in 2014, WhatsApp said that at the beginning
of the year, Whatsapp had more than 1.5 billion users who exchanged 65 billion
messages per day. Most of these messages, however, are not monitored and cannot
be monitored due to Whatsapp's Secure E2EE (End To End Encryption).
As such, anyone can spread spam and
misinformation, often with unforeseen consequences that most smartphones uses
may not notice, as computers are not held in the same regard as smartphones.
Whatsapp
is also a haven for transactional sex between teenage girls and older men as
noted in my MICO Wars blog
article entitled “How
WhatsApp is fuelling Transaction Sex among Jamaican Teenagers”.
Whatsapp,
for its part, has made a few changes in order to tackle the challenge of
misinformation:
1. Placing
a limit on forwarding content
2. Adding
a label to forwarded messages
3. Making
changes to group chats
So how is this possible?
Whatsapp vulnerability
- How Hackers can access your personal info
First
thing first, this does not mean that Whatsapp's E2EE (End To End Encryption) is
broken or hacked.
Still,
it is possible that Whatsapp can share their encryption keys with spy agencies
as outlined in my Geezam blog
article entitled “WhatsApp
and Facebook Messenger may be sharing E2EE Keys with the NSA”.
However,
this is not the case….
Rather,
what hackers have really taken advantage of is the propensity for people to
click on a specially designed website link as explained in my Geezam blog
article entitled “How
Check Point says Hackers can gain remote access to WhatsApp and Telegram”.
Clearly
this is not a new hack……CheckPoint Security has warned about this before and is
now more relevant in the face of the recent Facebook-Cambridge Analytics
Scandal as noted in my blog article
entitled “How
the Facebook Data Scandal involving Cambridge Analytica is a Storm in a Teacup”.
These
website links are often send around propagating all kinds of false rumours and
are use to gather data or may even be embedded in a funny video, such as a cute
cat video.
Once
it goes viral and people click on the link or video, it will instead allow
hackers to install a Trojan as well as create backdoors in your smartphone by
taking advantage of vulnerabilities in Android as explained by CheckPoint
Security in my Geezam blog entitled “Check Point warns of
Android malware Gooligan, a sign of AI’s approach in 2017”.
Then
the hacker can access your smartphone and download all information including
you contact list and emails. They can even get access to stored credit cards
and install a keylogger to record all of your keystrokes, capturing your
password and login for various apps, all thanks to weaknesses inherent in the
smartphone OS.
Even
worse, they can login and use your phone to remotely send messages via the backdoor
created using the specially designed website link using your own Whatsapp
number. In essence, they hackers can potentially turn your phone into a member
of a botnet.
Hackers
can then forwarding the website link to other smartphone users, causing more
people to click on the infected weblink or funny cat video. Then they can make
money this way by harvesting your contact information and reselling resell this
information to hackers or just use it to scam people.
Facebook and Whatsapp -
Backup Whatsapp and Update with latest version
Facebook
is currently under pressure about the lack of regulation on Whatsapp,
especially as it relates to forwarding messages in groups.
These
groups can spread misinformation, often resulting in people taking action that
may not be warranted, often with dangerous results, as this ad from BCJ
(Broadcast Commission of Jamaica) warns.
It’ll
be interesting to see how Jamaicans react to this latest bit of news.....and
well as what changes Whatsapp will implement. For now the best remedy is to
backup Whatsapp and install a fresh updated copy of this popular Mobile Social
Media App.
No comments:
Post a Comment