Home program hacking knowledge WhatsApp security snafu ‘could allow message manipulation’ –

WhatsApp security snafu ‘could allow message manipulation’ –

17
0


Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India

Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

- privacy shutterstock - WhatsApp security snafu ‘could allow message manipulation’ –

Credits: theregister

Researchers have uncovered security shortcomings in WhatsApp that create a for hackers to intercept and manipulate messages sent in both private and group conversations.

Protocol decryption cleared the path to chat manipulation, boffins at Israeli security firm Check Point discovered.

Researchers at Check Point first converted WhatsApp’s (encrypted) protobuf2  to Json. They then developed extensions to the popular Burp Suite that they claimed facilitated three manipulation methods, allowing them to:

  1. alter the text of someone else’s reply, essentially putting words in their mouth;
  2. use the “quote” feature in a group conversation to change the identity of the sender, even if that person is not a member of the group; and
  3. send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it’s visible to everyone in the conversation.

The white hat hackers said they’d found it was possible to messages and sow the seeds of all sorts of confusion. All the techniques involve social engineering tactics to hoodwink end users, as explained at some length in a blog post by Check Point here.

Kevin Bocek, chief strategist at machine identity protection vendor Venafi, told us: “This was a serious flaw and it’s made possible thanks to machine identities – encryption keys and digital certificates that enable privacy and authentication between our devices, , and clouds.”

- logo16 - WhatsApp security snafu ‘could allow message manipulation’ –

www.extremehacking.org

Sadik Shaikh | Cyber Suraksha Abhiyan, Ethical Hacking Training Institute, CEHv10,CHFI,ECSAv10,CAST,ENSA, CCNA, CCNA SECURITY,MCITP,RHCE,CHECKPOINT, ASA FIREWALL,VMWARE,CLOUD,ANDROID,IPHONE,NETWORKING HARDWARE,TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking,Center For Advanced Security Training in India, ceh v10 course in Pune-India, ceh certification in pune-India, ceh v10 training in Pune-India, Ethical Hacking Course in Pune-India



Source link

No tags for this post.

LEAVE A REPLY

Please enter your comment!
Please enter your name here