Tech

How hackers use WhatsApp to spread scams and fake news

Published

6 years ago

August 15, 2018

Edited by Fundisiwe Maseko

Check Point researchers have discovered a vulnerability in WhatsApp that allows a threat actor to intercept and manipulate messages sent by those in a group or private conversation. By doing so, attackers can put themselves in a position of immense power to not only steer potential evidence in their favour, but also create and spread misinformation.

The vulnerability so far allows for three possible attacks:

1. Changing a reply from someone to put words into their mouth that they did not say.
2. Quoting a message in a reply to a group conversation to make it appear as if it came from a person who is not even part of the group.
3. Sending a message to a member of a group that pretends to be a group message but is in fact only sent to this member. However, the member’s response will be sent to the entire group.

Make It Go Viral

As of early 2018, the Facebook-owned messaging application currently has over 1.5 billion users with over one billion groups and 65 billion messages sent every day. According to a report by global digital agencies, mobile users accounted for 172 million, most of whom used only two Facebook-owned platforms: WhatsApp and Messenger.

In addition, WhatsApp also has plans to roll out additional functionalities for businesses to help them do commerce and manage customer support through the app. Vulnerabilities such as the ones described above make the potential opportunities for scamming rife.

WhatsApp with the Fake News?

Due to its very nature of being an easy and quick way to communicate, WhatsApp has already been at the center of a variety of scams. From fake supermarket and airline giveaways to election tampering, threat actors never tire of ways to manipulate unsuspecting users.

In fact, the ability to social engineer on a mass scale was already seen at a level where even people’s lives were at stake. In Brazil, rumors quickly spread on WhatsApp about the dangers of receiving a yellow fever vaccine – the very thing that could have stopped an epidemic of the deadly virus during its 2016 rampage that infected 1500 people and killed almost 500.

More recently, last month vicious rumors, also spread via WhatsApp, led to a spate of lynching and murders of innocent victims in India.

WhatsApp is also taking an increasingly central role in elections, especially in developing countries. Earlier this year, again in India, WhatsApp was used to send messages, some of which were completely false.

Ultimately, social engineering is all about tricking the user and manipulating them to carry out actions they will later regret. With an ability to manipulate replies, invent quotes or send private messages pretending to be group ones, as seen in this research, scammers would have a far greater chance of success and have yet another weapon in their arsenal.

What’s more, the larger the WhatsApp group, where a flurry of messages are often sent, the less likely a member would have the time or inclination to double check every message to verify its authenticity, and could easily be taken in by the information they see. As already seen by spam emails that fake the sender’s name to appear to be from a source the receiver trusts, this latest vulnerability would allow for similar methods to be used though from a totally different attack vector.

How to Protect Yourself from Misinformation

While there are no security products that can yet protect users from these types of deceptions, there are several ideas to keep in mind to avoid being a victim of fake news, conspiracy theories and online scams in general.

If something sounds too good to be true, it usually is. And likewise, if something sounds too ridiculous to be true, it probably is.

Misinformation spreads faster than the truth. Although you may be seeing the same news from multiple sources, this does not make it more factual than were it to come from a single source.

Check your ‘facts’. It is recommended to cross check what you see on social media with a quick online search to see what others may be saying about the same story. Or even better, do not get more of your news from social media websites at all.

Click to comment

Tech

Tanzania to host 6th Ocean Innovation Africa summit in February

Published

23 hours ago

November 20, 2024

Isaac Dachen

Dar es Salaam, Tanzania, has been selected to host the sixth edition of the Ocean Innovation Africa (OIA) summit from February 24-28, 2025, as a flagship event within Regenerative Ocean Week.

The Ocean Innovation Africa is set to be Africa’s most significant platform for Ocean Innovation conservation, and sustainable development in the blue economy. OIA2025 will be co-organised with leading partners, including IUCN, GIZ, OceanHub Africa, Catalyze and the Ocean-Climate Platform.

With the theme, “Science-to-Solution”, the Regenerative Ocean Week will present a line-up of sessions designed to bridge the gap between scientific research, business innovation, policy, and community engagement.

According to the organizers of the event, it will bring together African ocean innovators, investors, researchers, policymakers, and community leaders to explore practical solutions that can be applied across the continent.

“These include the OIA Pitch Competition, which is a platform for Africa-based startups and entrepreneurs to showcase breakthrough ideas in ocean-impact solutions, allowing them to connect with investors and industry leaders and emphasizing Africa’s role in driving sustainable ocean initiatives,” the organizers said in a statement.

Tech

Orange Egypt earmarks $52.7m to support African startups

Published

2 days ago

November 19, 2024

Isaac Dachen

Orange Egypt has earmarked the sum of $52.7 million to support African startups in what is going to be the largest investment to drive a youth-focused tech revolution.

According to the company, the mammoth investment will see over 40 startups benefitting from the funds, with most of them being Egyptian companies.

‘It’s a boost for Egypt’s growing entrepreneurial ecosystem and a step closer to cementing its spot as a top startup hub in Africa,” the company said in a statement.

The investment is coming on the heels of the telco signing a deal with the Egyptian government to roll out the second phase of its 5G licensing.

The statement noted that with Egypt’s startup game already strong and ranking as the third most funded country in the MENA region, “the numbers speak for themselves.”

“In 2022, Egyptian startups closed 143 funding deals worth nearly $766.7 million, outpacing the $606.79 million raised the year before.

“Plus over 2,100 startups employing more than 50,000 people, the country’s ecosystem is one of the top 10 emerging startup hubs globally.

“The Egyptian government is all in on this. And since launching initiatives like Egypt Ventures in 2017, they’ve been backing startups to drive innovation and growth in the tech space.

“Orange Egypt’s latest move only adds fuel to this already blazing fire, paving the way for more opportunities and a stronger startup culture across Africa,” it added.