At a time when concerns about misinformation abound, researchers at Check Point Software Technologies discovered that criminals can use a hacked version of WhatsApp to alter information in messages already sent, Changes can be made to the content or identity of the sender.
“We believe these vulnerabilities are of utmost importance and require attention”, said Check Point Dikla Barda researchers, Roman Zaikin and Oded Vanunu in their findings. Attackers have “immense power to create and spread disinformation from what appear to be trusted sources”.
“The problem of WhatsApp chats being spoofed highlights a big problem for the future: We must be able to trust our smartphones and the clouds that run them, machines that work day and night for us, are secure and that the internet is reliable and private”, Kevin Bocek said, chief cybersecurity strategist at Venafi. “It's so easy to imagine how imitating our friends and family in this way could wreak havoc and allow the bad guys to trick us into doing all sorts of things, and undermine not only chats but everything from the way we save to the way we make our purchases.”
By qualifying the problem as “a serious defect”, Bocek said it was possible because of the same things: Encryption and digital certificates, that ensure privacy and provide cross-device authentication, Applications and clouds.
“Without them, We could never communicate securely”, Said. “Unfortunately, This vulnerability shows exactly how they can be abused and how machine identities are the least understood part of cybersecurity”.
Consumers can do nothing to protect themselves against this vulnerability. “It's up to businesses to ensure that they are protecting all machine identities and how they are used to prevent these vulnerabilities and attacks from occurring”, said Bocek. “Otherwise, How can we know for sure who we're really talking to??”