WhatsApp, the world's leading cross-platform instant messaging client for smartphones, was hacked by a 21-year-old security researcher, Balachandar Karthikeyan. The messaging service has a lot of features, and those always come with big responsibility. Since being acquired by Facebook, WhatsApp offers a bug bounty, and the WhatsApp platform falls under the scope of Facebook's security.
The vulnerability affected the feature for quoting messages stored on Android. Balachandar was able to change a quoted message, and to quote messages that had never been sent by another participant in the chat. Here is how it looks when Balachandar exploited this vulnerability:
This is not the first time Balachandar has found a security issue in WhatsApp: in March 2016 he was rewarded by WhatsApp's co-founder Brian Acton. Balachandar has reported more than 35 security issues in the WhatsApp application.
Exploiting this vulnerability was not simple. The attacker has to modify the source code of the Android application in order to spoof quoted messages. Since Balachandar is a professional Android developer, that wasn't a problem for him. The vulnerability is still not patched, but they are working on it. We hope it will be patched very soon, and that WhatsApp will provide a bug bounty to the researcher who found this security issue and is actively improving security.