Check Point Security recently found a ‘severe’ security threat in the WhatsApp web version, and WhatsApp has announced that they have fixed it with a new update for the web version. Let us try to understand what the threat was, what is the impact and what other threats exist? We will also see the details about Encryption and discuss some other possible threats in brief.
What were the Bug and Impact?
The flaw or bug was with end-to-end encryption functionality. Someone technically sound (hackers) could take over other user’s profile by sending them a message or a file and then it was possible to hack the conversation, photos, videos and also send messages to other users from this account. The freelance websites are discussing about it for last one week.
The same method was there in encrypted messaging app Telegram, and they also have fixed the problem. Check Point Security alerted the companies about the issue and WhatsApp and Telegram responded quickly and fixed the issues. It might have affected millions, but no one knows! After fixing the bug may be no one can chat with you with someone else’s name but if the hackers have stolen your chat, pictures, and videos, you won’t know it.
What is the Action?
Facebook/WhatsApp has now fixed the problem within a day of reporting, which could also have been used to take over accounts belonging to victims’ friends. They released an update of WhatsApp for the web. Users are supposed to restart their browsers, thereby making sure the version is up to date.
How to Protect Yourself?
Although WhatsApp and Telegram have fixed the issues, users should periodically clear all logged-in computers to form their WhatsApp and Telegram accounts in Settings. Check Point mentioned that users should avoid opening suspicious files and links that come from numbers they don’t know.
Encryption and Decryption are old techniques for data transmission used in different ways over last several decades. It means the sender can send data to the specific receiver and only that person/that device can read the message. If any other person taps the message in between, that person will not understand the scrambled message.
The data is scrambled once sent from your device and unscrambled when received by another device. The normal text messages (SMS) are not encrypted, but when you use WhatsApp message (with latest WhatsApp version), they are encrypted.
Working of End-to-End Encryption
The WhatsApp encryption is a major step as they want to give the highest priority to user safety and security of communication. They have clarified that they can’t read or interpret the messages from any users and only the receiver will be able to read them.
The complex coding ensures that only the receiver can unlock the message and read it. A message for all users is that with technology from a company like Facebook/WhatsApp, there can still be a flaw somewhere which the hackers can find out.
Why End-to-End Encryption?
The main part of end-to-end encryption is that no party like governments, police, hackers and other users can intercept and read your messages. Some countries have banned WhatsApp for this reason, and some are not happy about it. Facebook believes that each user has a right to have their conversations as private. It can be related to a pipe where the liquid can flow from only one end and come out of another end.
Possible Security Threats with WhatsApp
Since WhatsApp launched the App via a web interface, all standard issues of Web Malware are the possibilities. The recent security threat identified was also with a Web interface. Download of files and clicking of unknown inks are the threats WhatsApp users are likely to face (especially for the Web version). The positive side of it is that you can use WhatsApp on your PC and sync with your phone. The simplest precaution is using the Official WhatsApp web version site only and add it to your favourites. Avoid sharing sensitive data on WhatsApp web version as much as possible.
Someone discovered that it is possible to crash someone else’s WhatsApp Instance by sending a message over 7 MB in size. When you receive this message, your WhatsApp will crash every time the user tries to open the thread. The only way to regain control is to delete the entire thread. There was another discovery by some users that the same problem can happen even with smaller messages which contain a set of special characters.
This issue is not only for individual messages but also for the groups, in which case all group members experience the crash and need to leave the group and delete the thread. It may cause a big pain if you have a large group of members discussing some important stuff like business discussions. Currently, it is observed only in the Android version of WhatsApp.
WhatsApp recently enhanced end-to-end encryption, making it more secure. However, there are still a few ways that other people can listen to your conversations. There’s a spy software which sends reports on browsing, calls, text messages, conversations, etc. back to the owner of the App.
As we know, there is no WhatsApp advertising platform like Facebook, but there are Marketers who can send a message to a group of WhatsApp users on a specified date at a specified time as a mass message. It is an illegal act, and you should report the same if you receive such Ads on WhatsApp. Keep reading freelance tips to know more of such technical issues and resolutions.
Summary: WhatsApp has crossed 1 billion marks of users, and there are very few Mobile Apps which are at this stage. In spite of Facebook/WhatsApp taking sufficient care about the security of data as well as privacy, there are still some questions raised. The recent finding of a bug is going to worry the users. The bug got fixed, but there are questions which will remain unanswered like ‘Is my data stolen?’ or what is there is another bug like this? We will assume that there are no more defects like this and don’t take any Apps for granted.