
Facebook’s WhatsApp Still Vulnerable To Year-Old Chat Hack

Internet safety authorities uncovered a means of hacking chats on WhatsApp last year, but Facebook has yet to fix the security flaws, The Financial Times reported.

Security experts at Check Point said a hacker could change messages and the sender’s identity, “essentially putting words in [someone’s] mouth,” the FT reported on Thursday (Aug. 7). Facebook acquired WhatsApp in 2014 and was alerted to the security issue in 2018.

At the Black Hat cybersecurity conference held earlier this month in Las Vegas, Check Point’s head of product vulnerability research Oded Vanunu said Facebook blamed the flaws on “limitations that can’t be solved due to their structure and architecture.” Facebook declined to comment, the FT said. 

To alert WhatsApp’s 1.5 billion subscribers, Check Point created a means for users to hack chats themselves.

“We think this is our obligation to escalate this,” Vanunu said at the conference, noting that the hacking method wasn’t complicated.

WhatsApp’s encryption was designed to protect user privacy, but it also prevents Facebook from authenticating conversations.

Facebook has introduced some constraints over concerns that WhatsApp could be manipulated to spread misinformation and fake news.

A separate security issue uncovered in May showed that hackers can use WhatsApp’s phone call function to trigger Israeli surveillance spyware on both iPhones and Android smartphones. The malicious code could be transmitted even if users did not answer their phones.

The code was developed by the Israeli company NSO Group, creator of Pegasus, a program that can turn on a phone’s microphone and camera, search through emails and messages, and collect location data. NSO claims the product was designed to fight terrorism and crime and advertises it to Middle Eastern and Western intelligence agencies.

For its part, WhatsApp said that teams of engineers in San Francisco and London worked to close the vulnerability, with the company rolling out a patch for customers May 13.



