WhatsApp Steele & Ohr ??
WhatsApp vulnerabilities 'put words in your mouth,' lets hackers take over conversations
The bugs could be used to dictate your responses in conversations.
Charlie Osborne for Zero Day | August 8, 2019 -- 10:43 GMT (03:43 PDT)
https://www.zdnet.com/article/whatsapp-vulnerabilities-puts-words-in-your-mouth-lets-hackers-tamper-with-text/
https://archive.fo/1Jj0d
A series of vulnerabilities in WhatsApp which could permit hackers to tamper with conversations have been made public.
On Wednesday, Check Point security researchers Dikla Barda, Roman Zaikin, and Oded Vanunu revealed three methods of attack exploiting these vulnerabilities.
According to the team, the bugs "could allow threat actors to intercept and manipulate messages sent in both private and group conversations, giving attackers immense power to create and spread misinformation from what appear to be trusted sources."
Speaking at the Black Hat conference in Las Vegas, Nevada, Vanunu said that the vulnerabilities have existed for a year, despite responsible disclosure in 2018.
Facebook said the WhatsApp bugs were due to "limitations that can't be solved due to their structure and architecture," according to the Financial Times.
A tool, demonstrated at Black Hat, has now been developed by Check Point to further press the issue and act as a proof-of-concept (PoC). The researchers believe the vulnerabilities are "of the utmost importance and require attention."
There are three methods of attack which exploit the problems. The first allows hackers to use the "quote" feature in a group conversation to change the identity of a sender -- even if that person has not participated in a group chat.
The second is the alteration of a reply, which the researchers describe as "essentially putting words in [a contact's] mouth."
The third is the sending of a 'private' message to another group participant which is actually masked as a public message, and so when responded to, everyone in a conversation can see the content.
Check Point attempted to reverse WhatsApp's algorithm to decrypt data and communication. The team was then able to see the parameters sent between the desktop and mobile version of the platform, and this information allowed them to develop the tool and conduct the attacks.
Full technical details of the decryption and spoofing tool, as well as possible attack vectors, can be found in Check Point's blog post.
........................
Trying to get out in front of some damning news?
> Like records/evidence of bad actors planning assassination(s) or treason?