The Economic Times
Stock Analysis, IPO, Mutual Funds, Bonds & More

Indian WhatsApp users must beware what they share: Check Point

In India WhatsApp has a mass usage with 400 million users officially registered on the application.

, ET Bureau|
Last Updated: Aug 10, 2019, 08.22 AM IST|Original: Aug 10, 2019, 07.54 AM IST
New Delhi: Following a global disclosure by Israeli cyber security firm Check Point highlighting vulnerabilities in messaging giant WhatsApp’s platform that can allow threat actors to intercept and manipulate messages sent in both private and group conversations, the authors of the firm’s research paper told ET in an interview that given the mass usage of the application in India, it is recommended that end users be cognizant of the nature of information they share on WhatsApp.

“According to sources, WhatsApp, the Facebook-owned messaging application has over 1.5 billion users in over 180 countries,” authors of Check Point’s research paper Dikla Barda, Roman Zaikin and Oded Vanunu told ET.

“The average user checks WhatsApp more than 23 times per day. In India WhatsApp has officially registered 400 million users. Given the mass usage of the app, and the vulnerabilities identified with a potential of intercepting and manipulating messages thereby spreading misinformation, it is recommended that the end users be cognizant of the nature of information they share on WhatsApp, especially when it comes to highly confidential and personal information,” they added.

The firm disclosed WhatsApp vulnerabilities at Black Hat, a cyber-security conference in Las Vegas on August 7.

The authors said the vulnerabilities give attackers the power to create and spread misinformation from what appear to be trusted sources and that the firm notified WhatsApp about them towards the end of 2018. The team observed three possible ways of attackers exploiting the vulnerability all of which involve social engineering tactics to fool end-users.

A threat actor may use the ‘quote’ feature in a group conversation to change the identity of the sender, even if that person is not a member of the group, alter the text of someone else’s reply, essentially putting words in their mouth or send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it is visible to everyone in the conversation.

“WhatsApp fixed the third vulnerability which enabled threat actors to send a private message to another group participant disguised as a public message for all. But, we found that it is still possible to manipulate quoted messages and spread misinformation from what appear to be trusted sources. We believe these vulnerabilities to be of the utmost importance and require attention,” the authors said.

Also Read

WhatsApp faces outage in India, Twitter abuzz

WhatsApp ‘exits’ accounts of J&K users

WhatsApp snooping row: Baghel orders probe

WhatsApp introduces catalogs for small businesses

WhatsApp introduces 'Catalogs' for small businesses

Add Your Comments
Commenting feature is disabled in your country/region.

Other useful Links

Copyright © 2020 Bennett, Coleman & Co. Ltd. All rights reserved. For reprint rights: Times Syndication Service