During the Black Hat security conference held last week in Las Vegas, security researchers at Check Point discussed several flaws that they found in popular messaging app WhatsApp. The latter, as many of you probably already know, was acquired by Facebook in 2014 for a price north of $21 billion. One of the features that drive users to WhatsApp is its use of end-to-end encryption; this means that a message posted by a user cannot be read by anyone but the recipient. Even Facebook can’t see the message. But the flaws found by Check Point have some serious consequences for users.
Check Point also discovered that yet another flaw in WhatsApp could allow a hacker to disguise a public message as a private message. This could lull the recipient into thinking that his or her response will be private when in fact, it would be visible to others. When Check Point originally discovered these three issues last year and pointed them out to Facebook, the company was able to fix this particular problem although the first two flaws remain available for what Check Point calls “threat actors.”
So keep in mind that just because WhatsApp has end-to-end encryption, it doesn’t mean that there aren’t any flaws that can’t be exploited for evil reasons.