- Feb 4, 2016
- 2,520
With over 1 billion users and over 60 billion messages sent every day, Facebook owned WhatsApp has had a problem with the spread of fake news and rumors. Due to this they have had to put restrictions on the amount of times a particular message could be forwarded.
It now has gotten worse, as researchers from CheckPoint have figured out a way to manipulate conversations in order to modify existing replies that were received, quoting a message so it appears that it came from another user who may not be part of the group, and sending private messages that can be seen by only one person in a group, but having their replies go to everyone in it.
...
....
How the attacks work
As WhatsApp encrypts messages sent through the app, in order to determine how WhatsApp sends a message, they first had to decrypt the network request. While messages between users are secure, a local client still needs to decrypt the message. This allowed CheckPoint to reverse the encryption and then locally decrypt the network requests to determine how communication is done.
Now that they could see what variables were being used when a message is sent, they could start to manipulate the variables in order to see what could be changed or done. This allowed them to discover that they could modify messages or change the way they appeard in order to confuse recipients.
...
.....