WhatsApp Messenger is an American proprietary cross-platform instant messaging client for smartphones that uses the Internet to send text messages, documents, images, video, user location and audio messages to other users, who are identified by their standard cellular mobile numbers. Security experts at Positive Technologies recently found that they can intercept chats or messages and respond as if they were the intended recipient on services such as WhatsApp or Telegram.
Now Hackers Can Imitate Victims And Can Reply To WhatsApp Chats
Both WhatsApp and Telegram are cross-platform instant messaging clients for smartphones that use the Internet to send text messages, images, documents and so on, and both services claim to offer end-to-end encryption for chats.
Alex Mathews, technical manager EMEA at Positive Technologies, stated: “Chat applications such as WhatsApp, Telegram, and others use SMS verification based on text messages using SS7 signalling to verify the identity of users/numbers.”
Mathews added: “SMS authentication is one of the major security mechanisms for services like WhatsApp, Viber, Telegram, Facebook, and is also part of second-factor authentication for Google accounts, etc. Devices and applications send SMS messages via the SS7 network to verify identity, and an attacker can easily intercept these and assume the identity of the legitimate user. So, if the chat history is stored on the server, this information can also be retrieved, according to Positive Technologies.”
The most alarming part is that a potential hacker does not need any advanced equipment for such a hack: the experts at Positive Technologies demonstrated that it can be performed with a popular Linux-based computer and a publicly available SDK. The German researcher Tobias Engel has also shown in the past how the location of a mobile phone could be determined by using the SS7 loophole.
Positive Technologies also revealed that the top 10 telecommunications companies are vulnerable to these attacks, and that a skilled hacker would be able to execute additional attacks using the same methods. Alex Mathews stated: “If telecom and network operators protect their core telecom networks, it will improve the security of customers, but that’s not going to happen overnight. Service providers such as WhatsApp need to consider introducing additional mechanisms to verify the identity of users to stay secure.”