company:check point

  • Using WhatsApp to Spread Scams and Fake News

    technical: https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp
    non-technical: https://blog.checkpoint.com/2018/08/08/whatsapp-group-chat-fake-news-vulnerability

    Check Point researchers have discovered a vulnerability in WhatsApp that allows a threat actor to intercept and manipulate messages sent by those in a group or private conversation. By doing so, attackers can put themselves in a position of immense power to not only steer potential evidence in their favour, but also create and spread misinformation.

    The vulnerability so far allows for three possible attacks:

    1. Changing a reply from someone to put words into their mouth that they did not say.
    2. Quoting a message in a reply to a group conversation to make it appear as if it came from a person who is not even part of the group.
    3. Sending a message to a member of a group that pretends to be a group message but is in fact only sent to this member. However, the member’s response will be sent to the entire group.

    In French:

    https://www.tomsguide.fr/actualite/vulnerabilite-manipulation-messages-whatsapp,63985.html

    Researchers at Check Point Research looked into the encryption systems used by WhatsApp. They worked out that the platform relies on the “protobuf2” protocol. By converting them to JSON, they managed to decipher the parameters.

    This discovery allowed them to create a special extension and to experiment with 3 manipulation methods, which consist of:

    1. Sending a private message to another participant and turning it into a public message without their knowledge. When they reply, their response will be visible to everyone.
    2. Modifying the messages exchanged by users.
    3. Changing the identity of the sender through the "quote" feature in a group conversation. The trick works even for a person who is not a member of the group. The special extension also lets them swap the participants' parameters.

  • Subtitle files can be abused for hijacking the device you are using to watch movies on

    A team of researchers at Check Point has discovered vulnerabilities in four of the most popular media player applications, VLC, Kodi, Stremio and Popcorn Time, which can be exploited by hackers to hijack “any type of device via vulnerabilities; whether it is a PC, a smart TV, or a mobile device” with malicious code inserted into the subtitle files.

    http://thehackernews.com/2017/05/movie-subtitles-malware.html

    The vulnerabilities reside in the way various media players process subtitle files and if exploited successfully, could put hundreds of millions of users at risk of getting hacked.

    As soon as the media player parses those malicious subtitle files before displaying the actual subtitles on your screen, the hackers are granted full control of your computer or Smart TV on which you ran those files.

    http://blog.checkpoint.com/2017/05/23/hacked-in-translation

    Our researchers were also able to show that by manipulating the website’s ranking algorithm, we could guarantee crafted malicious subtitles would be those automatically downloaded by the media player, allowing a hacker to take complete control over the entire subtitle supply chain, without resorting to a Man in the Middle attack or requiring user interaction.