WhatsApp is a popular and easy-to-use messaging program that has some security features, such as using end-to-end encryption to keep your messages private.However, whatsapp hacks can compromise the privacy of your messages and contacts so be careful with 5 tricks hackers can hack your messages on WhatsApp
.
1 - Execute remote code using a GIF image
In October 2019, the security researcher Awakened revealed a vulnerability in the WhatsApp application that allows hackers to control the application using a GIF image. The hack works by taking advantage of the way that WhatsApp processes images when the user opens the Gallery view to send a media file.
When this attack occurs, the application distributes the GIF to display a preview of the file. GIF files are special because they contain multiple encrypted frames meaning that the hacker can hide the code inside the image.
If a hacker sends a malicious GIF file to a user, the entire conversation history can endanger the user. Hackers can also view user files, photos, and videos sent via WhatsApp
To keep yourself safe from this problem, you must update the WhatsApp application to version 2.19.244 or later
2- Pegasus penetration of voice calls
Another WhatsApp vulnerability discovered in early 2019 was the penetration of Pegasus for voice calls. This frightening attack allowed hackers to reach the device by simply making a WhatsApp voice call to their target. Even if the target does not respond to the call, the attack may still be effective and the target may not realize that the malware is installed on its device.
This attack works through a method known as buffer overflow. This is where the attack intentionally places too many codes in a small buffer that “swells” and writes the code in a location that the victim should not be able to access. When a hacker can run code in a location that must be safe, he or she can take harmful actions.
In the event of this attack, hackers install an older piece of spyware known as Pegasus allowing them to collect data on phone calls, messages, photos and videos. It even allows them to activate hardware cameras and microphones to take recordings.
This vulnerability applies to Android, iOS and Windows 10 Mobile devices and has been used by the Israeli company NSO Group, which has been accused of spying on Amnesty International employees and other human rights activists. After the hacking news was published, WhatsApp was updated to protect it from this attack.
If you are running WhatsApp version 2.19.134 or earlier on Android or 2.19.51 or earlier on iOS, you need to update the app immediately.
3. Social engineering attacks
Another way to make WhatsApp vulnerable is through social engineering attacks. These attacks exploit human psychology to steal information or spread false information. A security company called Check Point Research has uncovered an attack called FakesApp that allowed people to misuse the quote feature in group chat and change someone else's response text. Basically, an attack allows hackers to grow fake statements that appear to be from other legitimate users.
Researchers were able to do this by decrypting WhatsApp connections.This allowed them to see the data sent between the mobile version and WhatsApp version on the web.Hence, they can change the values in group chats, then they can impersonate other people, send messages and they can also change the text of replies.
Researchers point out that social engineering attacks can be used in worrying ways to spread scams or fake news.Although the vulnerability was revealed in 2018, it was not corrected by the time the researchers spoke at the Black Hat conference in Las Vegas in 2019.
4 - file and media trapping
The vulnerability affecting both WhatsApp and Telegram is the coverage of media files. This attack takes advantage of the way applications receive media files such as pictures or videos and write these files to an external storage device.
The attack begins by installing a malicious piece of malware hidden inside an application that appears to be harmless.This malicious program can then monitor incoming files for Telegram or WhatsApp and when a new file appears, the malware can switch the real file to a fake file
There is a quick fix for this problem in WhatsApp, you should search the settings and go to the chat settings then look for the option "Save to Gallery" and make sure to set it to "Off" This will protect you from this vulnerability.However, a real fix to the problem will require Application developers have to completely change the way applications handle media files in the future.
5.Facebook spies on WhatsApp chats
It is more a security problem than a real vulnerability It comes to whether or not Whatsapp messages can be read by Facebook.
WhatsApp uses end-to-end encryption, it is impossible for Facebook to read WhatsApp content. Whatsapp says on its blog: “When you and the people you are using use the latest version of WhatsApp, your messages are encrypted by default, which means you are the only person who can read them. Bigger with Facebook in the coming months, your encrypted messages will remain private and no one else will be able to read them on WhatsApp, Facebook, or anyone else. ”
However, according to developer Gregorio Zanon, this illustration of WhatsApp is not entirely correct. The fact that WhatsApp uses end-to-end encryption does not mean that all messages are private. On an operating system like iOS 8 and above, apps can access files in a Shared Container.
Both Facebook and WhatsApp apps use the same shared container on devices and although chats are encrypted when they are sent, they are not necessarily encrypted on the original device.This means that Facebook can copy information from WhatsApp.
0 Comments