The popular messaging application WhatsApp is a bit less secure after Check Point’s research.
Two of Check Point’s researchers, Dikla Barda and Roman Zikin, found that the application has a severe weakness that lets attackers very easily send messages in the name of others and send messages to groups they do not belong to at all.
The two Israeli researchers decided to check WhatsApp’s encryption, and that led them to weaknesses whose hurdles are not particularly difficult for experienced hackers or for anyone who takes the time to work through the steps.
After decrypting the messages, the researchers found that WhatsApp uses the protobuf2 protocol, and they converted the protobuf2 data to JSON. All it takes is using WhatsApp Web and testing what the encryption parameters and keys are.
After a few additional steps that can be read in the study itself, you can do the following:
- Rename a sender in the group chat, even though that person is not a member of the group at all
- Replace a user’s reply to put words into another user’s mouth
- Send a private message in the group chat so that, when the other party answers, the whole group sees the answer
Example of sending a message For some people who are sure everyone sees the message,