Further woes for Whatsapp sees the discovery of a new bug on the platform, which allows hackers to access your group chats and private messages. What’s worse is that hackers can also take control of the accounts by posting fake messages on your behalf without your knowledge.
How does the hack originate?
Users will be unaware that they are being hacked. Hackers can impersonate the person whose account has been hacked and circulate messages on his / her behalf on private chats as well as group messages. The loophole has been spotted by cybersecurity enthusiasts at Check Point Research and can occur due to a vulnerability that exists between Whatsapp for Web and WhatsApp app for user’s smartphones. Currently, users can access WhatsApp via their browser but would have to sync with their phones to send messages on their desktop/laptop.
What can the hackers do?
The hackers literally take control of the user’s account. Check Point’s team tested this hack and found that the hacker can post a message on a group by changing the identity of the sender, even if the hacker isn’t a part of the group or conversation. The team used the quote feature in the group chat in order to modify the identity of the sender. Next, they copied and then altered the text sent by someone, making it look as though that person sent the text in the chat. So other participants can literally create their own messages and make it look as though the user sent it, by using this quote and reply method.
Apart from this, users were also able to send a participant to the group a private message, which is made to look as though it is a public message meant for all participants in the group. But when the target responds to this text the reply message is made public and is visible to all users in the group. Hackers were also able to demonstrate that they can reply back to themselves in a private chat and make it look as though the other party responded to the text.
The only plus side of this hack is that it isn’t easy to initiate, as the hacker must be able to intercept the encryption of the app. But the very fact that such an attack can be performed is terrifying and can be damaging to the Facebook-owned Chat messenger and its user base. The group of hackers have notified WhatsApp about this hack and have in turn heard back from them stating that they are aware of this flaw. This certainly isn’t good from a PR perspective, as Whatsapp seems to have let this hack slip by despite their knowledge of it. However, the hack is apparently a part of the design framework of the chat messenger.
This is definitely bad news for WhatsApp, as it has been going through some turbulent times, especially in India. The popular chat messenger has been in the firing line for being used a platform for spreading fake messages and propaganda by miscreants and WhatsApp have been unable to do anything to stop them from doing so. This has led to lynching across the country. The matter has required the attention of the Government of India, with the IT ministry issuing notices to WhatsApp to clean up its act.
The American chat messenger has responded, by coming out with a slew of changes to its platform including labelling of “forwards”, restrictions in group chats and a campaign to educate the average Indian about the issue surrounding fake message circulation.