• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 22nd, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Security

New WhatsApp flaws let attackers hack chats to spread fake news

August 9th, 2018 Waqas Security 0 comments
New WhatsApp flaws let attackers hack chats to spread fake news
Share on FacebookShare on Twitter

Spreading fake news through WhatsApp was never so easy before.

According to the latest research from Check Point security firm, WhatsApp users are at the risk of getting their private chats and group conversations hacked and exploited. Researchers discovered a new wave of attacks that allow cybercriminals to penetrate your messages on WhatsApp.

This penetration is facilitated by “design framework” flaws in the famous messaging app. The attacker not only can intercept but also exploit messages whether in a private or group chat. This way, attackers can fulfill all sorts of malicious objectives such as diverting evidence in their favor or spreading misinformation.

Check Point’s researchers suggest that attackers can use the vulnerability for the following types of attacks:

  • Make changes to someone’s replies by adding words that they haven’t typed
  • Quoting someone’s message in a group chat who isn’t a part of that group on WhatsApp
  • Sending out a message to a group member pretending to be a group message but sent to that person only

Basically, the flaw lets attackers and scammers post anything on your behalf in a private and/or group chat. This may allow them to send fake messages from your side to your contacts and spread misleading news/information.

New WhatsApp flaws let attackers hack private/group chats to fake news

A Spoofed Reply Message (Image credit: CheckPoint)

According to CheckPoint’s blog post, the vulnerabilities between the mobile and web versions of WhatsApp are responsible for allowing infiltration of your private messages on the app. Users need to sync the web version with their mobile version installed on the device in order to send a message via desktop. By exploiting the flaws present in the syncing mechanism of both versions, an attacker can easily infiltrate the app’s encrypted traffic.

Check Point has informed WhatsApp about the issue and the company admitted that the flaws are indeed present in their mechanism. WhatsApp explained that the flaws seem to be part of the design framework of the platform but they are investigating the issue further.

New WhatsApp flaws let attackers hack private/group chats to fake news

(Image credit: CheckPoint)

Check Point researchers believe that the flaws are critical and need immediate fixing:

“We believe these vulnerabilities to be of the utmost importance and require attention.”

That’s because attackers can easily spread the fake news that may get uploaded on Facebook too. There will be dire consequences if that happens. Recently we have witnessed various incidents where fake news distributed on social media and messaging app led to serious real-life outcomes. Misinformation distributed via the app in India resulted in a series of lynchings. Online rumors led to the death of 12 Indians in May and the sole cause has been WhatsApp’s exploitation by cybercriminals.

The Head of Product Vulnerability Research at Check Point, Oded Vanunu, stated:

“Given WhatsApp’s prevalence among consumers, businesses, and government agencies, it’s no surprise that hackers see the application as a five-star opportunity for potential scams. As one of the main communication channels available today, WhatsApp is used for sensitive conversations ranging from confidential corporate and government information to criminal intelligence that could be used in a court of law.”

Watch how the vulnerability works

  • Tags
  • Encryption
  • Facebook
  • Fake News
  • Privacy
  • security
  • Vulnerability
  • WhatsApp
Facebook Twitter LinkedIn Pinterest
Previous article My Little Pony animator jailed for possessing 60k child abuse images
Next article Cyber Criminals selling Bitcoin ATM Malware on Dark Web
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
Shazam Vulnerability exposed location of Android, iOS users

Shazam Vulnerability exposed location of Android, iOS users

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Shazam Vulnerability exposed location of Android, iOS users
Security

Shazam Vulnerability exposed location of Android, iOS users

41
Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet
Security

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

78
Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping
Security

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

104

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us