A trio of serious flaws have been discovered in WhatsApp



During the Black Hat security conference held last week in Las Vegas, security researchers at Check Point discussed several flaws that they found in the popular messaging app WhatsApp. The latter, as many of you probably already know, was acquired by Facebook in 2014 for a price north of $21 billion. One of the features that drive users to WhatsApp is its use of end-to-end encryption; this means that a message posted by a user cannot be read by anyone but the recipient. Even Facebook can't see the message. But the flaws found by Check Point have some serious consequences for users.

The security team noted that one of the flaws it found in WhatsApp could allow a hacker to not just read a message sent by a member, but change the message as well. I would imagine that we don't have to tell you the implications of this. Another flaw could allow a hacker to attribute a message to another person instead of the actual sender. Again, we don't have to spell out the chaos that could result should some attacker actually exploit this vulnerability. After all, WhatsApp has over 1.5 billion users in more than 180 countries. By 2021, WhatsApp is expected to have 25.6 million users in the states.

Check Point also discovered that yet another flaw in WhatsApp could allow a hacker to disguise a public message as a private message. This could lull the recipient into thinking that his or her response will be private when, in fact, it would be visible to others. When Check Point originally discovered these three issues last year and pointed them out to Facebook, the company was able to fix this particular problem, although the first two flaws remain available for what Check Point calls "threat actors."


So keep in mind that just because WhatsApp has end-to-end encryption, it doesn't mean that there aren't any flaws that can be exploited for evil reasons.

6 Comments

1. lyndon420

Posts: 6883; Member since: Jul 11, 2012

I didn't fall victim to the claim of being 'secure' (especially after being acquired by fb)... Friends keep bugging me to join WhatsApp because it's secure etc etc etc bs...and there is the iApp for messaging that is apparently compromised... Reality has a way of slapping you in the face really hard when you give up too much of your hard earned trust...

2. JCASS889

Posts: 613; Member since: May 18, 2018

I don't get it, what's so wrong with sms?

6. shonasof

Posts: 36; Member since: Mar 18, 2019

SMS is limited by nature. Short messages, no attachments, chat history is dependent on your local device, and having to be using a device connected to an active cellular plan. MMS is better, but still very restrictive. There are many chat apps that offer so much more and that can be accessed by login rather than storing all of your chat history locally. Some people like WhatsApp for some reason that I can't fathom. (Personally, I prefer Discord.) There isn't a platform out there that's perfectly secure with no possible exploits or bugs.

3. TheOracle1

Posts: 2340; Member since: May 04, 2015

"The security team noted that one of the flaws it found in WhatsApp could allow a hacker to not just read a message sent by a member, but change the message as well. I would imagine that we don't have to tell you the implications of this. Another flaw could allow a hacker to attribute a message to another person instead of the actual sender." This is very misleading. The flaw only applies to group messages, therefore you have to be a member of a group. Why PA chose to withhold a crucial piece of information like this that's clearly stated in the original reports makes me suspicious of their motivation. Or at least shows poor journalism.

4. pogba

Posts: 113; Member since: Jun 13, 2018

How skilled, motivated, and equipped does someone have to be in order to exploit these said vulnerabilities?

5. cmdacos

Posts: 4330; Member since: Nov 01, 2016

How does the public see a message in whatsapp?
