With over 1 billion users and more than 60 billion messages sent every day, security flaws are a serious concern as they have the potential to have far-reaching impacts across the world.

Researchers at Israeli security company Check Point have brought to light the security flaws in WhatsApp’s protocols and design framework, which have a loophole enabling the creation and spreading of fake news under the guise of “trusted sources”.

Essentially, malicious users are able to intercept and modify the content of messages sent through both private and group conversations. This can be an easy way of spreading fake news.

What are the possible “attacks”?

The problem lies with how the WhatsApp mobile apps connect with the corresponding WhatsApp Web, and the way it decrypts encrypted messages using the protobuf2 protocol.

Specifically, the “quote” feature is where the vulnerability is exemplified. Hackers can use this feature to perform 3 types of attacks:

1. Change the identity of the original sender – impersonate another person from the group, or even a non-existent group member by simplify changing the name of the person being quoted.
2. Modify the content of someone else’s message in a group chat – put words in their mouth and mislead others. Make it seem like someone said something controversial or offensive.
3. Send private messages to a group participant disguised as a message to everyone – the target participant will see one message while everyone else sees something else, but nobody realizes this is happening. Only if the targeted participant replies then the content gets exposed to everybody.

How were these security flaws discovered?

The team of security researchers at Check Point (Dikla Barda, Roman Zaikin, and Oded Vanunu) first decrypted the network request of messages being sent via the app. They did this by creating a custom extension for Burp Suite, a popular security software web application. This extension allowed them to easily intercept messages so they could analyse their structure and look for loopholes.

By analysing the decrypted message, they could see all the parameters and variables being used in the messages sent between the mobile app and the web version of WhatsApp. This opened the window of opportunity for manipulating these, and it was quickly discovered that they could modify messages, the sender and target recipient.

It’s worth noting that these exploits can only be performed by members of the group conversation, rather than a 3rd party attacker or someone sniffing the network. However, it’s still a critical security flaw because attackers can achieve all kinds of malicious objectives, including spreading misinformation and fake news, or creating false evidence in their favor.

Check Point has urgently informed WhatsApp about these security flaws, as it’s essential they get addressed as soon as possible. The current status is that they’re being investigated further, so we’re waiting for an update from WhatsApp themselves on the matter.

The post WhatsApp vulnerability allows users to easily spread fake news appeared first on Hack Ware News.

Is China the Big Brother that watch over its citizens from the harmful contents of social network? The question arose once again after the country decided to block WhatsApp mobile messaging application on its border.

To be fair, WhatsApp was blocked twice, first in July this year by crippling its media sharing capability. Then by the end of September, even the simple text-messaging between devices was blocked, rendering the instant messaging application to absolute uselessness.

WhatsApp becomes the latest victims to China’s firewall

Since the ancient time, the China civilization showed their determination in keeping out with the out-desired elements of the societies. In the past, they turtled themselves from the marauding nomadic barbarians with Great Wall, nowadays they constructed a great digitalized firewall for media censorship.

Besides WhatsApp, there is a list of banned social media sites such as Facebook, Instagram, Twitter, Youtube, Google and so on. For every banned application, China has replaced them with the own app versions approved by the government such as RenRen, Moments, Weibo, Youku, Baidu and so on. For WhatsApp replacement, the Chinese response is WeChat which may act like a super app in combining various components together.

Censorship on sensitive issues

Due to the timeliness of the complete ban on WhatsApp, the conspiracy theorist conjured that the clampdown may have to link to the upcoming 19^th National Congress meeting taken place in Beijing, China on 18 Oct 2017.  During the meeting, the Chinese policymakers will discuss national policy as well as electing new leadership for the country.

For buildup toward that important date, the Chinese authority might want to prevent any unauthorized mass gathering characterized in Arab Spring where the role of social media was in centerpiece for organizers to form rally and uprising.

Perhaps the idea is too far-fetched at the moment, but it was understandably things in social media are being monitored. Perhaps why WhatsApp is banned in China due to its block end-to-end encryption which prove harder for monitoring.

It was reportedly that the Chinese censorship have been active in removing anti-Islam phrases in social media as websites have since been blocked after massive clean-up efforts over the net.

Failings by WhatsApp

China is not the only country to fall out with the popular messaging application that amassed over 1 billion users worldwide. Other countries have brushed with it too such the case of Brazil. In that episode, Brazilian law enforcers asked its telecom providers to block the messaging services thrice as it failed to handover information for investigation.

In last year, WhatsApp also created an uproar in Europe after the messaging app wanted to share data contacts with Facebook for the first time. The move disappointed users as WhatsApp compromise its positions about data sharing with other social network. Later, WhatsApp rolled back its decision and cut down its data sharing with others.

Similarly, WhatsApp had a face-off with laws-makers in United Arab Emirates (UAE), as the swearing over the messaging platforms invited fine of USD60,000 and deportation under a new federal law in cities such as Abu Dhabi and Dubai.

Verdict

To be fair, all government tends to “look after” its citizens in one form and another. And companies that provides social networks service often have to choose whether to comply with the ever stricter censorship and regulations to operate. Thus, sometime the response from the authority may be as straightforward as – either you are in or out. Therefore, choose your side wisely for you have already be warned.

The post Big Brother is watching WhatsApp appeared first on Hack Ware News.