Hence, both messaging services claim to offer end-to-end encryption for chats. But, recently, the security experts of Positive Technologies found that they can catch chats or messages and respond as if they were the intended recipient of services such as WhatsApp or Telegram.
Now Hackers Can Imitate Victims And Can Reply To WhatsApp Chats
The technical manager of EMEA of Positive Technologies, Alex Mathews, stated, “Chat applications such as WhatsApp, Telegram, and others use SMS verification based on text messages using SS7 signaling to verify the identity of users/numbers”. Moreover, the technical manager EMEA of Positive Technologies, Alex Mathews, added that “SMS authentication is one of the major security mechanisms for services like WhatsApp, Viber, Telegram, Facebook, and is also part of second-factor authentication for Google accounts, etc. Devices and applications send SMS messages via the SS7 network to verify identity, and an attacker can easily intercept these and assume the identity of the legitimate user. So, if the chat history is stored on the server, this information can also be retrieved, according to Positive Technologies”. The most alarming part is that a potential hacker does not even need any advanced equipment for such a hack, as they can use a Linux-based computer and a publicly available SDK to perform such a hack. Hence, the experts of the security company Positive Technologies demonstrated how a hacker could perform such a hack with a popular Linux-based computer and a publicly available SDK. As earlier german researcher Tobias Engel has also shown in the past how the location of a mobile phone could be determined by using the SS7 loophole. The security company Positive Technology also revealed that the top 10 telecommunications companies are vulnerable to these attacks and a skilled hacker would be able to execute additional attacks using the same methods. Hence, the technical manager of EMEA of Positive Technologies, Alex Mathews, stated, “If telecom of and network operators protect their core telecom networks, it will improve the security of customers, but that’s not going to happen overnight. Service providers such as WhatsApp need to consider introducing additional mechanisms to verify the identity of users to stay secure”.