Last year, security researchers publicly posted WhatsApp vulnerability. The trick allows hackers to alter a user’s conversation. However, Facebook is yet to fix the flaw. This year, researchers have taken a step further and developed a WhatsApp Protocol Decryptor tool. This tool can be used to decrypt any WhatsApp conversation. The worst thing is this tool is made public.
Hence, using this tool, any attackers can decrypt any conversation and subsequently manipulate it according to its preference. This tool is created by reverse engineering WhatsApp code and decrypting its protocol.
In simpler terms, WhatsApp uses “protobuf2 protocol” to decrypt its conversation. Attackers can change your protobuf2 data to JSON, this makes your conversation visible to them, and they can manipulate them. The researchers released a video detailing how an attacker can exploit this vulnerability in three different ways. This tool is available for download at GitHub link.
Facebook hasn’t released any fix for this yet!
It’s been over a year since the WhatsApp vulnerability was made public, but Facebook hasn’t acted on it, and it seems like they are not interested in finding a suitable fix. They issued a statement and said the fix owed ‘infrastructure limitations.’ They have defended their steps by saying this is similar to email altering and taking steps on this issue will make WhatsApp less private.
They have maintained silence on the Decrypted tool as of yet. It is dangerous that a decryptor tool for a messaging app is accessible to many. It seems like Facebook will say the rhetoric they did last year. However, with growing concern over Fake news and manipulation, Institute like Facebook should take responsibility and patch solution to an app which has more than 1.5 billion users. Let’s hope they work on the patch the vulnerability.
