FakesApp: A Vulnerability in WhatsApp

Channel:
United States Check Point Software
Subscribers:
79,900
Published on ● Video Link: https://www.youtube.com/watch?v=rtSFaHPA0C4


Duration: 3:23
331,398 views
504

Check Point Research shows new vulnerabilities in the popular messaging application that could allow threat actors to intercept and manipulate messages sent in both private and group conversations, giving attackers immense power to create and spread misinformation from what appear to be trusted sources.

Our researchers observed three possible methods of attack exploiting this vulnerability:

1. Use the ‘quote’ feature in a group conversation to change the identity of the sender, even if that person is not a member of the group.

2. Alter the text of someone else’s reply, essentially putting words in their mouth.

3. Send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it’s visible to everyone in the conversation.

Following the process of Responsible Disclosure, Check Point Research informed WhatsApp of their findings. In response, WhatsApp acknowledged the vulnerabilities, explained them as being part of the design framework and are open to being approached for further explanation. From Check Point Research’s view, we believe these vulnerabilities to be of the utmost importance and require attention.

For full technical analysis, please visit Check Point Research: https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/

Have questions or interested in enterprise mobile security? Request a demo today.
https://tinyurl.com/y5g4wv58



Other Videos By Check Point Software


2018-08-31Without the Best Security, Bad Things Happen, (Nacho Malware Edition)
2018-08-17Combating 5th generation cyber attacks w/ Check Point 23900 Security Gateway & SandBlast Mobile 3.0
2018-08-15Check Point R80.20 – Integrating Google Cloud Account
2018-08-12Hacking the Fax – Ground Breaking New Research in Cyber
2018-08-12Android Vulnerabilities: Man-in-the-Disk Attacks Google Voice Assistant
2018-08-12Android Vulnerabilities: Man-in-the-Disk Attacks Google Translate
2018-08-12Android Vulnerabilities: Man-in-the-Disk Attacks Xioami Browser
2018-08-12Android Vulnerabilities: Man-in-the-Disk Attacks Yandex Search
2018-08-12Yandex Translate
2018-08-08Harmony Mobile Architecture: Check Point Lightboard Series
2018-08-07FakesApp: A Vulnerability in WhatsApp
2018-08-06Check Point CloudGuard is Cloud Security
2018-08-02CloudGuard VMware NSX Demo- DemoPoint Academy
2018-08-01Understanding the Shared Responsibility Model, Check Point Lightboard Series
2018-07-26Check Point Lightboard Series: High Availability Architecture in Multi-Domain Environments
2018-07-24High Availability Architecture with R80.10 - Check Point Lightboard Series
2018-07-23VSX Cluster deployment & configuration - DemoPoint Academy
2018-07-17Check Point R80.20 Log Exporter Feature
2018-07-16Deploying Check Point Next Generation Firewalls just got easier with the Blink utility
2018-07-13Converting a Check Point 1400 security appliance from Local to Central Management
2018-07-10Prevent sophisticated cyber attacks, protect your business | Check Point Infinity Architecture


Tags:
whatsapp
FakesApp: A Vulnerability in WhatsApp
check point
whatsapp vulnerability
vulnerability
mobile security
mobile sec
cyber security
new york times whatsapp
checkpoint
check point software whatsapp
mobile vulnerabilities
whatsapp vulnerabilities
whatsapp vulnerability 2018
responsible disclosure
manipulate messages in whatsapp
check point research
checkpoint research
new vulerabilities whatsapp
new mobile vulnerability
quote feature whatsapp