OK, so let us get this morning’s blog started with a question to all of you out there. Out of the ton of mobile apps that are available, what is your most favorite? Or, which one do you use most often for productivity (Note: not those apps that you use to kill time with)?
For me honestly, I have only like 2 or 3 mobile apps that I have ever downloaded . . . and even then, I hardly ever use them. My main tool for communications has always been either the phone or E-Mail.
But, there is one app that I have used before for communicating with an old friend of mine. And yes, that is called “WhatsApp”. I never used it that much, but when I did, the service was great. I couldn’t believe at first that the calls were actually free (even long distance ones that I had used to call India), and I was equally taken aback by its messaging functionalities.
And during the time that I was using it, and even up to recently, I had not been aware of any potential Cyber attacks against “WhatsApp” or any vulnerabilities that it may have possessed. That is, up until now. But today, I came across a news headline which blatantly states that there is now a weakness that allows the Cyber attacker to change the content or change the identity of the sender of a message that had been delivered before.
So, how does this work exactly? The Cyber attacker can change a “quote” — a feature that allows people within a chat to display a past message and reply to it — to give the impression that someone sent a message that he or she did not actually send. The creators of WhatsApp actually acknowledge this issue, but they dismissed the idea that it is a flaw or even a security vulnerability.
Their line of reasoning for this: “WhatsApp said the system was working as it had intended, because the trade-offs to prevent such a deception by verifying every message on the platform would create an enormous privacy risk or bog down the service.” (SOURCE: https://www.nytimes.com/2018/08/07/technology/whatsapp-security-concern.html).
In fact, they even compared it to merely changing the content of an E-Mail message. The people at WhatsApp also claim that this discovery has nothing to do with the security of WhatsApp’s “End-to-End” encryption, which ensures only the sender and recipient can read messages, and that they remain unaltered.
At the present time, WhatsApp has a subscriber base of well over 1.5 billion users, making it the most widely used messaging app thus far. Facebook acquired the company for over $19 billion back in 2014.
Unfortunately, after this, the WhatsApp platform has become a source of false rumors as well as misinformation. For example, rumors about child kidnapping led to mob violence in India, and even false reporting about a vaccine to stop the spread of yellow fever in Brazil spread like wildfire.
However, WhatsApp has acknowledged the misuse of its platform to send false messages, and in response, it will put limits and constraints on how many times a particular message can be forwarded. It will also attach a specially designed label to show a subscriber how many times that message has been forwarded. This can be a huge headache for end users, as public groups can contain as many as 256 end users in them.
But, the Cyber security researchers at Check Point (who discovered this so-called vulnerability) still have not backed down on their claim that what they have discovered is indeed a potential vulnerability that a Cyber attacker can take advantage of. They firmly believe that what could be something simple and very easy to fix right now could lead to much bigger problems down the road.
My thoughts on this issue? Well, to be honest, I have not used WhatsApp in a long time to make any real judgements about it. My suggestion to the management team at WhatsApp is to listen to what Check Point Software is trying to tell you. In my view, they are a very reputable firm, and are just trying to point out a weakness which could have a lot of negative consequences down the road. Just don’t dismiss what they are saying.
But, if there are still any doubts about anything, then have the platform upon which WhatsApp resides penetration tested. This is the only surefire way of knowing if anything is awry. To the end user, you should also be careful when using this mobile app. If you notice anything out of the blue, confirm with the sender of the message that they have indeed sent the message.
If they have not, then delete it immediately. Also, make sure that your Smartphone (whether it is an Android or an iPhone) is also up to date with the latest firmware and patches. And finally, don’t hesitate to report any anomalies that you may discover to WhatsApp. After all, in the end, you are the customer, and they need to be listening to you.