Jump to content
  • Over the year, WhatsApp developers have not fixed the critical vulnerability


    Today WhatsApp has an audience of about 1.5 billion people around the world. Despite such an extensive user base, the developers still have not eliminated the vulnerability that allows you to intercept messages in personal and group correspondence.

    WhatsApp vulnerability

    At the Black Hat 2019 conference in Las Vegas, several options were demonstrated for exploiting the vulnerability with which hackers can:

    • Correct messages by modifying them so that the recipient does not suspect that the author of the text was not the sender.
    • Manage the citation function by referring to non-existent messages.
    • Create the appearance that the message is sent to a single recipient, while it can get the whole community or a group of users.

    About all these flaws programmers told WhatsApp developers in August last year. To date, only the last "hole" with group mailing has been eliminated, while the use of two other options for message manipulation is still relevant.

    In addition, using the web version of WhatsApp, hackers are able to decrypt any correspondence. The interception of the access keys occurs at the time of creating the QR code. While the user starts the camera from the menu of the mobile client, the hacker intercepts a pair of encryption keys and after a successful connection gets access to the correspondence in unencrypted form. With such an access interception, it becomes possible to use the vulnerabilities mentioned above.

    Facebook, which owns WhatsApp, previously commented that to fix such vulnerabilities can not "due to infrastructure restrictions" and the need to compromise between privacy and security. A solution may be a full desktop client, which is currently being worked on by the developers of the messenger.


    User Feedback

    Recommended Comments

    There are no comments to display.



    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    Loading...

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.