cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

Whatsapp Web browser/quoting hack

Check Point Research has demonstrated a way to mess with Whatsapp, particularly in group chats.

 

The attack mostly seems to involve the function to quote and forward messages, and involves editing, possibly entirely, the messages quoted, without the original sender's knowledge.

 

The exploit is pretty convoluted, and seems to rely on the process of setting up Whatsapp in a Web browser window for some sessions.  Therefore, it probably isn't too dangerous, as long as people know about it.  What is more concerning, however, is that Facebook seems to think the problem is inherently unfixable, and therefore does not even intend to try.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
1 Reply
Shannon
Community Champion

 

That's interesting --- and scary. When I use my personal WhatsApp account, it's primarily to share humorous posts, & for anything important, I revert to calling the other party, so there's a lower chance of this creating havoc...

 

However, on the corporate side I've seen parties in the IT departments use WhatsApp groups to communicate with one another, so there's a potential for greater impact...

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz