WhatsApp: Your Security and Privacy Nightmare

A couple of months ago, I mentioned that we will no longer play the ignorance card when it comes to our cyber security. The perception that “some things only happen in the movies” has no place in our current digitalized society. For this reason, you have to make sure that you remain informed and take every possible precaution. For instance, you have to make sure that all applications on your phone are always up to date and ensure that your computer runs the latest antivirus software. Besides this, you have to be aware of the latest attack vectors and how they could potentially affect you, especially if you are a system administrator. Nevertheless, for the purpose of this article, we will confine our discussion today to the popular messaging app WhatsApp and its security and privacy concerns. Because it is so widely used, understanding the potential threats associated with it and how they could impact you is very important. You should be cyber-aware.


WhatsApp is one of the most popular social networking and messaging platforms used in Kenya. It is also one of the most targeted applications by malicious people. For instance, according to an article by Cybersecurity Insiders, there is a bug in the application that can allow a hacker to intercept messages sent between individuals and groups. The attacker can then alter the message(s) to accomplish their desired objective. Also, the media files (images, documents and voice notes) you receive can be intercepted and altered. I will include a few videos below that show how this can be achieved. These videos are courtesy of SkyCure.


Image Manipulation

With image manipulation, when someone sends you a photo, the hacker, in near-real-time, is able to change different aspects of the image. The video below shows the proof of concept:

Payment Manipulation

Just like in the image manipulation, the hacker is able to intercept invoices and other related financial documents and alter the payment or other information. In the attack scenario below, the bank details of an invoice are easily altered to those of the attacker without the knowledge of the sender or the recipient.

Audio Message Spoofing

This one is very interesting. Are you aware that your voice can be cloned and made to say something you never did? In the proof of concept below, the attacker is able to intercept a voice note from a supposed boss to their employee. This message is quickly altered to contain the message from the intruder.

WhatsApp Privacy

How about your WhatsApp privacy? Have you ever had a discussion with a friend or in a group chat about, say, a television, and all of a sudden you start receiving ads about televisions on Facebook and other websites? Apparently, your data is never that private. WhatsApp utilizes algorithms that are able to extract keywords from your conversations and tailor ads based on these conversations. This information is also shared with third parties like Google, who may also tailor their ads based on your conversations.

Please note that we are not condemning WhatsApp as poor or weak, security-wise. It is the subject of today’s article because many attackers leverage the platform to accomplish a number of their objectives. For example, you may download a malicious application whose agenda is to access or manipulate WhatsApp data. In this case, WhatsApp, as an application, is not the weak link or the source of your attack. It is you who, through ignorance or otherwise, may have clicked a malicious link or downloaded another infected application. That said, how can you keep yourself safe?

How to Protect Yourself

  1. As mentioned before, always ensure that you keep all applications on your phone updated.
  2. Always ensure that you download any application from the official store (Google Play Store, Apple App Store, etc.).
  3. Do not click on any links you do not trust.
  4. Make sure that you go through all your applications and verify that you downloaded them yourself. Most recently, there was a malicious application by the name “Agent Smith” that was replacing authentic applications with malicious ones. For instance, once “Agent Smith” got into your phone, it would replace WhatsApp, Opera, and so on with exact copycats which actually spied on you or ran other malicious payloads. As of today, around 25 million Android devices have been infected. So, after reading this article, please go through all the applications on your phone and verify that you are the one who downloaded them. Anything that doesn’t seem familiar, delete it immediately.
  5. Many of you save all your media files from apps to your external device. To guard against media hijacking, please switch back to the phone memory. I know this may consume a bit of space on your phone but heck… prevention is better than cure, right?
     In WhatsApp: Settings → Chats → turn the toggle off for 'Media Visibility'.
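One way to carry out steps 2 and 4 on an Android phone from a computer, as an added example that is not part of the original article: the script below filters the output of `adb shell pm list packages -3 -i` (user-installed apps with their installer of record) and lists every app that did not come from an allowed store. The function names, the allowlist and the sample listing are assumptions made for this illustration; it requires adb and USB debugging enabled on the device.

```shell
#!/bin/sh
# Added example: audit where each user-installed Android app came from.
# Input is the output of:  adb shell pm list packages -3 -i
#   package:<name>  installer=<installer package, or null if sideloaded>

# Installers treated as an "official store". Assumption: Google Play only;
# add your device vendor's store package name, space-separated, if needed.
OFFICIAL_INSTALLERS="com.android.vending"

# flag_unofficial (hypothetical helper): read listing lines on stdin and print
# "<package> <installer>" for every app not installed by an allowed store.
flag_unofficial() {
    tr -d '\r' | awk -v allow="$OFFICIAL_INSTALLERS" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^package:/ {
            pkg = $1; sub(/^package:/, "", pkg)
            inst = "unknown"            # no installer field in the line
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
            if (!(inst in ok)) print pkg, inst
        }'
}

# Constructed sample listing (not taken from a real device).
sample_listing() {
    cat <<'EOF'
package:com.whatsapp  installer=com.android.vending
package:com.opera.browser  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.game  installer=com.google.android.packageinstaller
EOF
}

# With a device attached, audit it for real:
#   adb shell pm list packages -3 -i | flag_unofficial
if [ "${1:-}" = "--demo" ]; then
    sample_listing | flag_unofficial
fi
```

Treat the result as a first-pass filter: every flagged app is one to check that you installed yourself, but a store installer on record does not by itself prove the app is unmodified.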

Well, that is it for today’s tips and security awareness. We will always strive to ensure that you are always well informed. Meanwhile, review your phone as soon as possible.

Jones Baraza is the founder of Swift Intellect, a software and Cyber Security firm based in Nairobi, Kenya. He is also the founder and project manager for IsVipi OSSN, an open source social networking software with over 1 million downloads. He is passionate about tech and security. You can follow him on Twitter @JonesBaraza