5 ways WhatsApp messages can be hacked

Hacks targeting WhatsApp may affect the privacy of messages and contacts. Here are 5 ways that the WhatsApp app can be hacked.

WhatsApp is a popular and easy to use messaging program. It has some security features, like using end-to-end encryption to keep messages private. However, hacks targeting WhatsApp may affect the privacy of messages and contacts.

Here are 5 ways that the WhatsApp app can be hacked.

In what ways can WhatsApp be hacked?

  1. 1. Execute code remotely via GIF
  2. 2. Attack Pegasus voice call
  3. 3. Attack on Social engineering
  4. 4. Media File Jacking
  5. 5. Facebook is 'spying' in Whatsapp chats

1. Execute code remotely via GIF

5 ways WhatsApp messages can be hacked Picture 15 ways WhatsApp messages can be hacked Picture 1

In October 2019, security researcher Awakened revealed a flaw in WhatsApp that allowed hackers to control applications with GIFs. This hacking method works by taking advantage of how WhatsApp handles images when users open Gallery view to send media files.

When this happens, the application will parse the GIF to display a preview of the file. GIF files are special because they have multiple encoded frames. This means that malicious code may be hidden in images.

If a hacker sends a malicious GIF to a user, he may compromise the user's entire chat history. Hackers will be able to know what the user texted and said, to whom. They can also see files, photos and videos sent via the user's WhatsApp.

The flaw affects WhatsApp versions up to 2.19,230 on Android 8.1 and 9. Fortunately, Awakened has revealed the flaw so that Facebook, the company that owns WhatsApp, can fix the problem. To keep yourself safe from this problem, you should update WhatsApp to version 2.19.244 or higher.

2. Attack Pegasus voice call

5 ways WhatsApp messages can be hacked Picture 25 ways WhatsApp messages can be hacked Picture 2

Another WhatsApp vulnerability discovered in early 2019 was a Pegasus voice call hack. This frightening attack allows hackers to gain access to a device just by making a WhatsApp voice call to the target. Even if the target does not answer the call, the attack can still be effective. And the target may not even know that malware has been installed on his device.

The hack works through a method called buffer overflow. This is where an attack intentionally places too much code in a small buffer so that it can 'overflow' and write the code in an inaccessible location. When hackers can run code in a secure location, they can perform malicious actions.

In the case of this attack, hackers installed an old and famous spyware named Pegasus. It allows hackers to collect data on phone calls, messages, photos, videos, even let hackers activate the camera and device microphones to record everything.

This vulnerability can be exploited on Android, iOS, Windows 10 Mobile and Tizen devices. It was used by Israel's NSO Group, which allegedly spies on Amnesty International staff and other human rights activists. After the news of the hack was revealed, WhatsApp was updated to protect it from this attack.

If you're running WhatsApp version 2.19.134 or earlier on Android or version 2.19.51 or earlier on iOS, you need to update your app immediately.

3. Attack on Social engineering

5 ways WhatsApp messages can be hacked Picture 35 ways WhatsApp messages can be hacked Picture 3

Another way that WhatsApp is vulnerable is through Social engineering (or non-technical) attacks. This is a way of exploiting human psychology to steal or spread false information. A security company called Check Point Research has revealed such an attack. The company named the attack FakesApp. This attack makes misleading use of the citation feature in group chats and can change the response text of others. Basically, it allows hackers to make fake claims, as if they are from other legitimate users.

Researchers were able to do this by decoding WhatsApp communications. This allows them to view data sent between the mobile and web versions of WhatsApp. And from here, they can change the value in group chats. Then, impersonate another person to send a fake message. They can also change the response text.

The researchers point out that this can be used in worrying ways to spread scams or fake news. Although the flaw was revealed in 2018, it was not yet patched by the time the researchers spoke at the Black Hat conference in Las Vegas in 2019, according to ZNet.

4. Media File Jacking

5 ways WhatsApp messages can be hacked Picture 45 ways WhatsApp messages can be hacked Picture 4

Media File Jacking is a vulnerability that affects both WhatsApp and Telegram. This attack takes advantage of how applications receive media files, such as photos or videos, and write those files to the device's external storage.

The attack began by installing a piece of malware hidden inside an application that looked very harmless. This malware can then monitor files sent to Telegram or WhatsApp. When a new file appears, the malware can swap the actual file into a fake file. Symantec researchers discovered the problem and thought it could be used to deceive people or spread fake news.

There is a quick fix to this problem. In the WhatsApp app, you should look in Settings and go to Chat Settings . Then find the Save to Gallery option and make sure it is set to Off. This method will protect you from holes. However, a real fix to the problem will require application developers to completely change the way applications handle media files in the future.

5. Facebook is 'spying' in Whatsapp chats

5 ways WhatsApp messages can be hacked Picture 55 ways WhatsApp messages can be hacked Picture 5

The last topic to consider is really a security issue rather than a vulnerability. It relates to whether or not WhatsApp messages can be read by Facebook.

In a blog post, WhatsApp implies that because the application uses end-to-end encryption, Facebook cannot read WhatsApp content: 'We have applied terminal encryption. When you and your friends are using the latest version of WhatsApp, your messages are encrypted by default, which means you're the only one who can read them. Even if we coordinate more with Facebook in the near future, your encrypted messages will remain private and no one else can read them, including WhatsApp, Facebook or anyone else.

However, according to developer Gregorio Zanon, this is not entirely true. The fact that WhatsApp uses end-to-end encryption does not mean that all messages are private. On an operating system such as iOS 8 or later, applications can access files in a shared container.

Both the Facebook and WhatsApp apps use the same common container on the device. And while chats are encrypted when sending, they don't necessarily have to be encrypted on the original device. This means that the Facebook application is capable of copying information from the WhatsApp application.

Currently, there is no evidence that Facebook used shared containers to view private WhatsApp messages. But this is entirely possible. Even with end-to-end encryption, your messages may not be private to Facebook.

The above are examples of how WhatsApp can be hacked. While some of these issues have been fixed as soon as they have been found, others have not been resolved yet.

To learn more about whether WhatsApp is safe or not, see TipsMake.com 's guide to what WhatsApp security threats users need to know.

3.5 ★ | 2 Vote