In the sample, the boss's message was altered to increase the supposed raise from $500 to $1,500.
According to security researchers, this vulnerability could be exploited in three ways, all of which involve social engineering tactics to fool end-users.
For example, it wanted to change your message, all what is required is to capture the outgoing message from WhatsApp, decrypt the data, change it to whatever it wants it to say, and then encrypt it back. At the conference, researchers presented the tool that they created to exploit WhatsApp's vulnerabilities in hopes that it would provoke discussion on the matter and to raise awareness that this is something that might be happening.
The new tool builds upon a vulnerability in Facebook's WhatsApp, Bloomberg reports. WhatsApp's spokesperson said that if these issues were addressed, it could make WhatsApp less private like it might require to store other information like location. The exploitable element here is the web version of WhatsApp, which uses QR codes to pair to your phone.
Send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it is visible to everyone in the conversation. "We manage our private and professional life on this platform and it's our role in the infosec industry to alert on scenarios that might question the integrity", said Oded Vanunu, head of products vulnerability research at Check Point and one of the researchers who discovered the vulnerabilities. One of many reasons WhatsApp is widely popular is due to its end-to-end encryption, which users believe safeguards their conversations from prying eyes and ears.
A new vulnerability surfaced in WhatsApp that can potentially allow hackers to manipulate messages.
The decryption process helped in manipulating the messages sent, the identity of the users on a group and manipulating a chat by sending modified messages on behalf of another user. The worst part is that there is now no fix for this issue.
According to Check Point's research hackers could manipulate text messages using "quote" feature to change the name and appearance of the sender on WhatsApp. Researchers from Check Point technologies showcased the vulnerabilities in the Facebook-own messaging app earlier this week.
A cybersecurity expert at ZeroDayLab, Stuart Peck said that it is essential for users to know that the messages they are receiving re from trusted source.