WEB DESK: Check Point security researchers demonstrate how a dangerous security weakness in the messaging application can be abused to spread fake news and carry out online scams.
BLACK HAT USA 2019 – Las Vegas – Researchers from Check Point Software Technologies are once again warning about what they describe as a dangerous security weakness in the WhatsApp messaging application that can be abused to spread fake news and carry out various online scams.
In a technical presentation here yesterday, Check Point researchers Roman Zaikin and Oded Vanunu explained how an attacker could exploit the issue to alter the text of someone else’s reply, change the identity of a message sender, or trick a user into sharing something publicly in a group that they might not have intended to share.
The researchers first surfaced the same issues in August 2018 in a report that described how attackers could intercept and manipulate WhatsApp messages in private and group chat settings. In a blog and in comments at the time to Dark Reading, Vanunu identified the issue as having to do with WhatsApp’s failure to validate certain message parameters before encrypting and sending messages to the intended recipient.
Since then, Facebook-owned WhatsApp has fixed the issue that allowed attackers to trick users in a group chat into thinking they were sharing something in private when, in fact, it was visible to everyone else, he said.
However, the other two issues remain unmitigated and continue to give attackers a way to abuse WhatsApp in dangerous ways, Vanunu said. From Check Point’s perspective, the vulnerabilities present a major threat and need to be addressed urgently, he noted.
“WhatsApp is not just an application. It is an infrastructure of more than 1.5 billion users with more than 56 billion messages per day,” Vanunu said.
WhatsApp’s massive footprint makes it a big target for criminals attempting to spread fake news and carry out other malicious activities, he said. In some countries, including India and Brazil, rumors spread via WhatsApp have even resulted in the deaths of innocent people, Vanunu said. In many countries, WhatsApp is also used for business application, so it is important that the issue gets resolved, he added.