A simple, freely available third-party app can break through an encrypted WhatsApp message database and alter the conversations in just two steps
Did you know that WhatsApp is not secure enough? Shocking, but true, your WhatsApp messages that are stored on your smartphone can be read and manipulated very easily.
Take the below screenshots as a classic example where Rani has manipulated her boss Ashok's messages and could try to blackmail him thereafter. Rani is Ashok's secretary and she was asked one day by her boss to meet him up on a coffee to discuss some important office work. The conversation happened on WhatsApp and the time for the meet was fixed. Below is the conversation screenshots between the two. In the screenshot, the phone on the left is Rani's and the one on the right is Ashok's.
The next day at office, Rani went into his cabin. To his surprise, he was shown the WhatsApp conversation between the two on her phone and the next moment he started sweating. The screenshot below (Rani's phone on the left) was what Rani showed him. (Check the changes marked in red boxes)
Rani's next move was to extort money from him, threatening him that she will report the incident to the management, his wife and the police.
Even though Ashok argued that the conversation on her phone was not true, there was little that he could do about it as no one would trust his version as the WhatsApp conversation on her phone looks legit. Rani's boyfriend is a techie and had a hand in doctoring the messages on her phone. He showed her how easy it was to do so with a simple free hacking app installed on her phone.
The above scenario is a fiction story, but could turn out to be a nightmare if it comes true to anyone. Beware! This could happen to you too.
WhatsApp has a built-in secure method to store all messages and conversations in encrypted files. You simply cannot read the messages or edit them with regular software and applications. WhatsApp stores all the data in multiple files named msgstore.db, and msgstore.db.crypt8 respectively. Previously, it was storing it in an older format (msgstore.db.crypt7), which was easily decrypted by various backup apps and third-party apps, which allow a user to read the messages in it. Now that WhatsApp uses the new encryption for higher security, it seems that hackers and developers are one step ahead of the tech giant and have managed to get a breakthrough.
A third-party application is available online (not available on Google Play), which can easily open the encrypted database and edit the contents inside it. The app free to download, is available on third-party app stores and pirated servers, is very simple to use and anyone can download and use it. The only requirement for the app to work is a rooted Android smartphone.
Here is how 'Rani' managed to doctor the messages to extort 'Ashok':
As you see above, the app is very easy to use. Simply run the app and tap on the conversation. The entire conversation will open up in a new window. By tapping each conversation on the list and tapping the edit icon, Rani managed to change the existing letters and also add more text. Once done, Rani saved it and the app will writes it back to the encrypted database. Voila! Rani has successfully managed to doctor the entire conversation, making him look like a clown and making some easy money in a few minutes.
What we would like to highlight here is that WhatsApp is not entirely secure. Though the messages on the phone on the other end of the conversation will not be altered, one can still be in trouble. The hacking app in question is not mentioned here for security purposes, though there could be many out there who would already know about it or are already using it to play pranks on others or probably for their dirty work.
Developers at WhatsApp need to know that they have to develop some foolproof method to store the conversations. Third-party applications can easily gain access to the database and do bad stuff. The app can also help the user read (and alter) messages, in the background, in the database without actually opening the WhatsApp message in the foreground. What this means is the messages usually release message read information out to the sender to get the blue ticks. Blue ticks means that your message had been read by the other party. The hacking app can open the message and prevent WhatsApp from sending the blue tick to the other end.
Therefore, henceforth you should be careful on what you chat on WhatsApp-it could land you in big trouble.
Disclaimer: The above story of Rani and Ashok is fictional. The hacking app mentioned in the article was downloaded from a third-party app store for free. The name of the app is not mentioned for security purposes. We downloaded the third-party app and used a rooted Android phone to doctor the fictional WhatsApp conversation that show as screenshots in this article.
Source : Deccan chronicle
No comments:
Post a Comment