WhatsApp is one of the most popular instant messaging apps in the world, with 1.6 billion users and 65 billion messages per day, according to Statista.
WhatsApp is also easy to use, and has some security features such as: Using end-to-end encryption protocol to secure messages, but there are ways to compromise the privacy of your messages and contacts.
Here are 5 ways you can hack your WhatsApp messages:
1. Remote code execution via GIF:
Topics related to what you are reading now:
At the beginning of October 2019, a security researcher called Awakened revealed a vulnerability in WhatsApp that allows hackers to access and control user data using malicious GIFs.The hack works by taking advantage of how WhatsApp processes images when the user opens the gallery to send a file. Modes.
When a user opens a malicious GIF file, it can jeopardize their entire conversation history, as hackers will be able to see who the user is messaging, and access the content of the conversation. They can also view user files, photos, and videos sent through the app.
WhatsApp 2.19.230 and earlier versions running Android 8.1 and Android 9 were affected by this vulnerability.Fortunately after Awakened revealed the vulnerability, the company was able to resolve it in version 2.19.244.
To keep your data safe from this vulnerability, you need to update WhatsApp on your phone to version 2.19.244 or later.
2- Pegasus attack for voice calls:
In May, the Pegasus Voice Call hack was discovered, in which a group of hackers exploited WhatsApp to remotely install spyware on users' Android or iOS phones by making WhatsApp voice calls to their targets. , And even if the target does not respond to the call, the attack may still be effective, and the target may not realize that his device has become spyware installed.
This hack allowed hackers to collect data from phone calls, messages, photos, and videos. It even allowed them to activate device cameras and microphones to take recordings.
Android, iOS, Windows 10 Mobile and Tizen have been affected by this vulnerability. It was used by the Israeli company NSO Group, which has been accused of spying on Amnesty International employees and other human rights activists.
Once WhatsApp discovered the vulnerability, it made the necessary changes to its infrastructure; to correct it, it also urged app users to upgrade to the latest version, as well as to update the phone's operating system, in order to protect against potential intrusions and prevent hackers from accessing stored information, on mobile devices.
3. Social Engineering Attack
Security checkers at Check Point revealed in August that there were loopholes in WhatsApp that allowed hackers to intercept and manipulate messages sent in private and group conversations, and that the company failed to address them despite being reported a year ago.
The researchers called this attack FakesApp, where the problem was to use the citation feature in the group chat to change the sender's identity, even if that person was not a member of the group, modify the text of another person's reply, and send a private message disguised as a public message to everyone in a group. Others, so that when the target individual responds, their message is visible to everyone in the conversation.
The researchers note that this attack could be used in worrying ways to spread tricks or fake news.Although this loophole was revealed in 2018, the company did not correct it by the time the researchers talked about it during the Black Hat security conference held in the city. Las Vegas in 2019, according to ZNet.
4 – Phishing through media files:
This vulnerability, known as media file jacking, affects both WhatsApp and Telegram.This attack takes advantage of how applications receive media files such as photos or videos and write these files to an external storage device. .
The attack begins by installing malicious software hidden inside an application, which can then monitor the incoming files of the application, and when a new file appears it can alter the real file of a fake file.
Researchers at Symantec Cybersecurity discovered this vulnerability in July, saying it could be used to defraud people or spread fake news.
To avoid this vulnerability, you can follow these steps:
- Go to the WhatsApp app on your phone.
- Tap the Setting option in the lower-right corner of the screen.
- Click on Data and Storage Usage.
- Under Media Auto-Download you'll find the types of media that can be automatically saved to your phone: photos, audio files, videos, and documents
- Press the Never option to automatically prevent downloading to your device.
This will protect you from this vulnerability. However, a real fix to the problem will require application developers to completely change the way applications handle media files in the future.
5- Exchange of data with Facebook:
When Facebook decided to acquire WhatsApp, the EU approved the deal after Facebook confirmed that the companies and their data would be separate.
But this option is no longer there recently, and this is probably one of the preparations for Facebook's future plans, which is about creating a unified network infrastructure for all of its messaging systems – WhatsApp, Instagram, and Facebook Messenger – and so far reports indicate that each service will continue As a standalone application, all messages will be exchanged over the same network.