Tech

How hackers use WhatsApp to spread scams and fake news

Published

6 years ago

August 15, 2018

Edited by Fundisiwe Maseko

Check Point researchers have discovered a vulnerability in WhatsApp that allows a threat actor to intercept and manipulate messages sent by those in a group or private conversation. By doing so, attackers can put themselves in a position of immense power to not only steer potential evidence in their favour, but also create and spread misinformation.

The vulnerability so far allows for three possible attacks:

1. Changing a reply from someone to put words into their mouth that they did not say.
2. Quoting a message in a reply to a group conversation to make it appear as if it came from a person who is not even part of the group.
3. Sending a message to a member of a group that pretends to be a group message but is in fact only sent to this member. However, the member’s response will be sent to the entire group.

Make It Go Viral

As of early 2018, the Facebook-owned messaging application currently has over 1.5 billion users with over one billion groups and 65 billion messages sent every day. According to a report by global digital agencies, mobile users accounted for 172 million, most of whom used only two Facebook-owned platforms: WhatsApp and Messenger.

In addition, WhatsApp also has plans to roll out additional functionalities for businesses to help them do commerce and manage customer support through the app. Vulnerabilities such as the ones described above make the potential opportunities for scamming rife.

WhatsApp with the Fake News?

Due to its very nature of being an easy and quick way to communicate, WhatsApp has already been at the center of a variety of scams. From fake supermarket and airline giveaways to election tampering, threat actors never tire of ways to manipulate unsuspecting users.

In fact, the ability to social engineer on a mass scale was already seen at a level where even people’s lives were at stake. In Brazil, rumors quickly spread on WhatsApp about the dangers of receiving a yellow fever vaccine – the very thing that could have stopped an epidemic of the deadly virus during its 2016 rampage that infected 1500 people and killed almost 500.

More recently, last month vicious rumors, also spread via WhatsApp, led to a spate of lynching and murders of innocent victims in India.

WhatsApp is also taking an increasingly central role in elections, especially in developing countries. Earlier this year, again in India, WhatsApp was used to send messages, some of which were completely false.

Ultimately, social engineering is all about tricking the user and manipulating them to carry out actions they will later regret. With an ability to manipulate replies, invent quotes or send private messages pretending to be group ones, as seen in this research, scammers would have a far greater chance of success and have yet another weapon in their arsenal.

What’s more, the larger the WhatsApp group, where a flurry of messages are often sent, the less likely a member would have the time or inclination to double check every message to verify its authenticity, and could easily be taken in by the information they see. As already seen by spam emails that fake the sender’s name to appear to be from a source the receiver trusts, this latest vulnerability would allow for similar methods to be used though from a totally different attack vector.

How to Protect Yourself from Misinformation

While there are no security products that can yet protect users from these types of deceptions, there are several ideas to keep in mind to avoid being a victim of fake news, conspiracy theories and online scams in general.

If something sounds too good to be true, it usually is. And likewise, if something sounds too ridiculous to be true, it probably is.

Misinformation spreads faster than the truth. Although you may be seeing the same news from multiple sources, this does not make it more factual than were it to come from a single source.

Check your ‘facts’. It is recommended to cross check what you see on social media with a quick online search to see what others may be saying about the same story. Or even better, do not get more of your news from social media websites at all.

Click to comment

Tech

Kenya’s ticketing startup BuuPass partners Flexpay for flexible travel payments

Published

2 days ago

December 19, 2024

Isaac Dachen

Kenyan digital ticketing startup, BuuPass, has entered into a partnership with goal-based savings platform, Flexpay, to offer customers flexible payment plans ahead of holiday travels as well as simplify travel planning and ease the financial burden of holiday travel for Kenyans.

Co-founder and CEO at Buupass, Sonia Kabra, who unveiled the package at a press conference, said the collaboration between the two platforms will allow travellers to save for their journeys in manageable, interest-free installments over four to 12 weeks.

“Travelers can select their travel dates, book tickets, and pay a small deposit upfront, with the remaining balance spread across weekly or monthly payments,” she said.

“This approach offers a stress-free way for families and large groups to secure their tickets early, helping them avoid last-minute price hikes as fares are locked in.

“By partnering with Flexpay, we’re giving travelers the flexibility to budget for their trips in advance. This initiative aligns with our mission to make travel accessible to everyone, providing a solution that meets customers where they are financially,” said Kabra.

Also speaking at the event, Richard Machomba, CEO and founder of Flexpay, said:

“Flexpay’s mission is to empower individuals by providing accessible financial solutions that make it easier for them to achieve their financial goals.

“By partnering with BuuPass, we’re making travel more accessible and stress-free for Kenyans, especially during the holiday season when expenses can be overwhelming,” Machomba added.

Founded in 2016 by Kabra and Wyclife Omondi, BuuPass is a B2B2C mobility marketplace that enables users to search, compare, and book travel tickets via web, app, or USSD, while its SaaS platform helps bus operators manage their operations, inventory, and sales.

FlexPay, on the other hand, is an online and offline payment gateway that allows merchants to offer interest-free targeted savings to their customers in Africa.

Tech

DR Congo sues tech giant Apple over illegal mineral exploitation

Published

3 days ago

December 18, 2024

Isaac Dachen

The Democratic Republic of Congo (DRC), has filed a criminal case against the European subsidiaries of tech giant, Apple, accusing them of illegal mineral exploitation and allegedly using “blood minerals” in its supply chain.

In the suit filed on Tuesday, the DRC alleges that Apple has bought contraband supplies from the country’s conflict-ladden east and Rwanda, zones in which it allege the materials are mined illegally and then integrated into global supply chains before ending up in tech devices.

The DRC suit specifically mentioned Apple subsidiaries in France and Belgium, accusing the tech giant of using conflict minerals in its supply chain.

The DRC is a major source of tin, tantalum, and tungsten which are used in electronic devices, with some mines controlled by armed groups responsible for human rights violations.

International lawyers representing the African country’s government have accused Apple’s local subsidiaries of taking these minerals from conflict areas and laundering them through international supply chains, with one lawyer telling journalists that Belgium had a moral duty to act given its history of exploiting the country’s resources under colonial rule.

However, in its response, Apple claims it conducts supplier audits and does not directly source primary minerals.

https://www.thenews.com.pk/print/1262670-dr-congo-sues-apple-over-alleged-illegal-mineral-exploitation