WhatsApp Security

It is not the first serious security flaw discovered in WhatsApp, although, as in previous cases, exploiting it requires advanced programming knowledge.

Two vulnerabilities in the web version of the WhatsApp messaging application, discovered a year ago and still active, allow text messages to be made to appear as if they were written by another person, or allow their content to be modified.
The Israeli cybersecurity company Check Point took part in the Black Hat 2019 cybersecurity event, where it presented two vulnerabilities currently present in the WhatsApp encryption protocol. Although the cybersecurity company alerted WhatsApp in August 2018, the vulnerabilities are still present in the service, according to Check Point. The first of the vulnerabilities makes it possible to use references to other messages in a group chat to change the identity of the person who wrote them, even selecting contacts who are not in the group.
The second one makes it possible to alter the text of another person's message when replying by quoting it. In this way, the message that appears as quoted can be changed, putting words in the user's mouth that they never said. This vulnerability even allows an entire conversation to be manipulated, and allows someone to send messages to themselves in a chat with one person while posing as the other.
Both problems are present in the WhatsApp web version and reside in the way access to accounts is managed through QR code scanning and in the public and private key system it uses, which comes into play before the access code is generated. These security failures occur despite the end-to-end encryption mechanisms that the application has. They can be used to generate hoaxes and fake news, as the company has warned. To demonstrate these problems, Check Point has developed an exploit in which the WhatsApp encryption has been reversed, and which allows them to access all the encrypted information exchanged between users.