© IE Online Media Services Pvt Ltd
Tags:
Journalism of Courage
Researchers at Israeli security firm Check Point Research claimed that they have found flaws in WhatsApp that ‘could allow threat actors to intercept and manipulate messages sent in both private and group conversations’. Thanks to Burp Suit Extension and three manipulation methods, researchers were able to exploit vulnerability in the messaging app. They started by decrypting the WhatsApp communication by reversing its algorithm, which helped them get the Burp Suit Extension.
The security firm put out a blog post explaining how they were able to manipulate private and group messages. The researchers could alter the text of someone else’s reply, send private message to another group participant who is not visible to other participants in a group, and use WhatsApp’s “quote” feature in group conversation to change identity of the sender irrespective of whether that person is a member of the group or not.
Also read: WhatsApp officially rolls out forwarded message limit for India users: Here’s what it means
WhatsApp spokesperson Carl Woog, in a statement to The New York Times acknowledged that though the quote feature can be manipulated, it was not a flaw. Woog insists the vulnerability has nothing to do with the security of WhatsApp’s end-to-end encryption, which was rolled out globally in 2016 and ensures that messages are read by only the sender and the recipient.
Earlier, WhatsApp officially rolled out forwarded message limit to five chats for India users. The move aims to curb the spread of misinformation on its platform. WhatsApp is facing scrutiny in India, after reports that viral video messages shared on the app resulted in lynchings, mob violence in some parts of the country.
