ODIN aims to improve the world through a network of open source cooperatively built mobile applications with a focus on privacy and decentralization.

D uring a briefing at the annual Black Hat security conference in Las Vegas on August 7, researchers from Israeli security company Check Point revealed how Facebook-owned WhatsApp could be hacked to change the text of a message and the identity of the sender. If that sounds worrying enough, these vulnerabilities were revealed to WhatsApp last year but remain exploitable today. (Forbes.com)

Examining the Numbers

1 Year — The amount of time WhatsApp knowingly left their user-base vulnerable.

1,500,000,000–[1.5 Billion] Active users.

180 Countries hosting these active users.

23-The average number of times the average user checks WhatsApp daily.

29,000,000-[29 Million] Messages sent per minute by its user-base.

41,760,000,000-[41.76 Billion] Messages per day by its user-base.

1,252,800,000,000-[1.25 Trillion] Messages per month by its user-base.

15,242,400,000,000-[15.24 Trillion] Messages per year by its user-base.

Data provided by (99firms.com)

The numbers are staggering. 1.5 Billion users are checking an average of 23 times a day and sending a mind-blowing 29 million messages per minute, leaving more than 15.24 trillion messages susceptible to the vulnerability.

Researchers at security software company Check Point said in August last year that they had discovered ways in which a malicious actor could alter messages in WhatsApp, “essentially putting words in [someone’s] mouth”, and also change the identity of the sender of content in a group chat. (FT.Com)

WhatsApp was initially made aware 12 months ago as seen in the first published video. The second of which shows the vulnerability still active as recently as 4 weeks ago.

What vulnerabilities were exposed?

Sender Identity Manipulation — The vulnerability allowed for malicious parties to change who said what in a group text. Imagine someone you were conversing with said something unsavory; the vulnerability allowed for an ill intending third party to change the sender’s identity show as if you had sent out the not so choice words and the potential repercussions of such.

Message Text — Not only did the vulnerability allow for the identity of the “sender” to be manipulated, but the text in the message itself was also susceptible. In the video above, it shows the message content being changed to reflect modified financial terms in an employer-employee conversation, potentially leaving the employee in a position of strength should this be brought to arbitration or something of that nature.