A newly discovered WhatsApp exploit is letting hackers intercept and manipulate messages sent in private and group conversations.
Kevin Bocek, Chief Cybersecurity Strategist at Venafi:
“The issue of WhatsApp chats being spoofed highlights a huge problem for the future: we have to be able to trust that our smartphones and the clouds that run them – machines that work around the clock for us – are secure and the Internet is trusted and private. It’s so easy to imagine how being able to imitate our friends and family members like this could cause havoc and enable bad guys to trick us into doing all sorts of things, and undermine not just chats but everything from the way we bank to the way we shop.
“This was a serious flaw and it’s made possible thanks to machine identities – encryption keys and digital certificates that enable privacy and authentication between our devices, apps, and clouds. Without them we would never be able to communicate securely. Unfortunately, this vulnerability shows exactly how they can be abused and how machine identities are the least understood part of cybersecurity. Worse, there is nothing we as consumers can do about this flaw – it’s up to companies to make sure they’re protecting all machine identities and how they are used in order to prevent these vulnerabilities and exploits from happening. Otherwise how can we know for sure who we’re really talking to, banking with or buying from?”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.