WhatsApp is a popular and easy to use messaging application. It has a number of security features, like end-to-end encryption to protect your privacy. However, the privacy of messages and contacts on WhatsApp can still be affected by being targeted by bad guys. Here are 5 ways to "hack" WhatsApp you need to know.
In October 2019, security researcher Awakened revealed a flaw in WhatsApp that allowed hackers to control applications via GIFs. This method takes advantage of the way WhatsApp processes images when users open Gallery view to send media files.
When that happens, the application parses the GIF to show the file preview window. GIF files are special because they have multiple encoded frames. This gives the opportunity for the "malicious" code to hide in the image. If a hacker sends a malicious GIF to the user, they can penetrate the victim's entire chat history. Hackers will know who the message is sent to and how it is delivered. Bad guys also see files, photos, and videos sent via the user's WhatsApp.
This flaw has affected WhatsApp since versions 2.19,230 and earlier on Android 8.1 and 9. Fortunately, Awakened has exposed this flaw and Facebook - the "father" of WhatsApp, promptly patched it. To protect yourself from this hassle, update WhatsApp 2.19.244 or higher.
2. Attack with the call "Pegasus"
Another WhatsApp flaw discovered in early 2019 was the "Pegasus" call. This frightening attack allows hackers to access devices simply by placing WhatsApp voice calls to their targets. Even if the target does not answer the call, they are still affected without even knowing that the malware is installed on the device.
This attack works through a method of causing a buffer overflow. This is where hackers intentionally put a lot of code into a small cache that makes it "overloaded" and writes the code in a location that it cannot access. When a bad guy runs code in an area where security is needed, they can spread malicious code.
The attack installed a well-known, long-standing spyware called Pegasus. It allows hackers to collect data on phone calls, photos, messages, videos, even activate the camera & microphone on the device to record.
This vulnerability appears on Android, iOS, Windows 10 Mobile and Tizen devices. It is used by the NSO Group of Israel - an organization that is accused of spying for Amnesty International and other human rights activists. After the news of the hack was leaked, WhatsApp was updated to prevent the attack.
If you're running WhatsApp 2.19.134 or earlier on Android or version 2.19.51 or earlier on iOS, you need to update the app immediately.
3. Phishing
An easy way to get into WhatsApp is through non-technical attacks (Social Engineering). This is a way of exploiting human psychology to steal information or spread false information. Security firm Check Point Research revealed such an attack called FakesApp. It causes users to misuse the quoting feature in the chat group and change the reply content of others. It basically allows hackers to send fake news to other legitimate users.
Researchers can do this by deciphering the form of communication of WhatsApp. That action allows them to see data sent between the mobile version and the WhatsApp web. From here, they can change the values in group conversations. Then impersonate another person to send the message. They can also change the response.
The researchers said the bad guys could use this activity for fraudulent or spreading fake news. Although the flaw was exposed in 2018, it was not yet patched by the time the researchers spoke at the 2019 Black Hat conference in Las Vegas, the Znet.
4. Media File Jacking
This vulnerability affects both WhatsApp and Telegram . It takes advantage of the way the two applications receive multimedia files such as photos, videos and record them to external memory.
This attack started by installing a piece of malicious software inside an applet that looked innocent. It can then monitor the file sent to Telegram or WhatsApp. When a new file is detected, the malware can swap the file into a fake one. The research team discovered the bug, Symantec said it could be used to deceive or spread false information.
To quickly fix this error, in WhatsApp, go to Settings , access Chat Settings . Search options Save to Gallery and ensure it is set in the off mode ( Off ). Now you can be assured of this "nightmare". However, to completely overcome the problem, the application programming company needs to completely change the way the program handles media files in the future.
5. Facebook spies up the conversations on WhatsApp
This is more a security issue than a vulnerability. It involves Facebook being able to read WhatsApp messages.
In a blog post, WhatsApp implies that because of end-to-end encryption, Facebook cannot read the content on this application. However, according to programmer Gregorio Zanon, that is not entirely true. In fact, end-to-end encryption does not guarantee that all messages are private. For example, on iOS 8 and above, all applications have access to files in the "shared container".
Both Facebook and WhatsApp share a shared container on the device. While conversations are encrypted when sending, it is not necessary to encrypt them on the original device. Meaning Facebook has the ability to copy information from WhatsApp.
Currently, there is no evidence that Facebook used a shared container to view private messages on WhatsApp. However, this is entirely possible.
Above are vulnerabilities that have been discovered that make it easy for hackers to attack your WhatsApp. You can refer to WhatsApp's Privacy and Security Tips for more secure messaging.