Security Flaw In WhatsApp That Would Allow Hackers To Alter Messages

It has been reported that a security firm has found a series of flaws in WhatsApp that could allow hackers to intercept and manipulate messages by changing the identity of a sender or altering their text. This gives the attackers the power to “create and spread misinformation from what appear to be trusted sources,” the researchers said.


EXPERTS COMMENTS
Gavin Millard , VP of intelligence ,  Tenable
August 09, 2019
Given that, currently, there is no known fix, those for whom privacy and integrity.
Its hotting up in the desert with major vulnerabilities in iMessage and WhatsApp. Both generally seen as ubiquitous messaging platforms with many viewing the service as secure and reliant on them having good security, particularly WhatsApp, to protect communications. This latest Whatsapp vulnerability is troubling as it enables an attacker to spoof the identity of a user, which could then encourage someone to do, or say, something they may not wish an outsider to be privy to. Given that, currently, there is no known fix, those for whom privacy and integrity is critical are urged to look at alternative communication methods.
Sam Curry, Chief Security Officer,  Cybereason
August 09, 2019
Avoid using any social media application or unsanctioned-by-the-company service for sensitive communications.
Not all vulnerabilities are created equally, and Facebook should have a triage system to deal with the most critical fastest. However, this vulnerability looks like it could cause significant identity compromise, personal mayhem and on the even of an election year havoc in the months to come. How it might be exploited at scale remains to be seen, but all social media should be looking to reinforce confidentiality of communications, integrity of messages and availability of services going forward. 2020 will prove to potentially be more fertile ground for election mischief given that the uses of data, manipulation of sentiment and the very notion of echo chambers is now understood. Simply keeping apps up-to-date isn’t enough. Avoid using any social media application or unsanctioned-by-the-company service for sensitive communications, IP exchanges, privacy-related matters or insider knowledge. Even when trusted, stop and ask “would I want this to be seen by a third party who might take it out of context, act on it or abuse it? If the answer is no, consider calling or better yet meeting face-to-face. In addition, if something really inflames you or causes you to make judgments, stop and make that personal or face-to-face connection again. Make these social practices a habit and you will be less susceptible, though not immune, to the sorts of manipulation, abuse and eavesdropping that now opens up in the connected world.

Join the Conversation

Join the Conversation


In this article