WhatsApp remains one of the most popular social messaging platforms in the world. With over 1.5 billion monthly active users, the service remains vital in major parts of the world. The biggest feature of WhatsApp is its end-to-end encryption and it might be at risk. During the Black Hat security conference in Las Vegas last week, security researchers revealed several flaws in the messaging service. One of the most crucial flaw being that WhatsApp’s end-to-end encryption can be broken by attackers.
Security researchers at Check Point Research detailed some of the flaws in the messaging service. The security team noted that one flaw could allow a hacker not only to read your messages but also change it. The implications of such a flaw cannot be explained in mere words. Check Point’s Oded Vanunu demonstrated how encrypted messages can not only be read but also modified with the flaw. There is also another flaw that could allow an attacker to attribute a message to another person instead of the actual sender. This flaw could create chaos among WhatsApp users if exploited by a hacker.
With a user base of over 1.5 billion users worldwide, this flaw could be weaponized by an attacker. The third flaw could allow an attacker to disguise a public message as a private message. This means that the sender will be thinking that their message is private. While it is public and will remain visible to others. Check Point researchers note that they pointed out these flaws to Facebook, which acquired WhatsApp for north of $21 billion. It has fixed this last flaw that turned public message into private message.
The first two flaws remain available to exploit for threat actors, according to Check Point. If you use WhatsApp extensively then do note that end-to-end encryption is vulnerable to attacks. Those with evil intentions will be able to exploit these flaws for personal gain. It is advisable to be careful when you communicate with friends or family.