New Delhi: WhatsApp last month announced that it was turning on end-to-end encryption for every one of its 1 billion users. It was a historic achievement as the end-to-end encryption offered by WhatsApp kept your messages secure, or so it seemed.
It appears that the achievement of keeping private messages, photographs or videos sent using WhatsApp is probably not true. A group named WakeUpWhatsApp has claimed that the Facebook-owned messaging app is still not safe even after encryption.
The group has written an open letter to WhatsApp and has mentioned that companies are using web.whatsapp.com to loot financial details, confidential information, pictures, videos, and chats of a billion WhatsApp users.
Also, the group has given a detailed process of how companies steal information from the messaging app. Individuals scrap the QR code from the WhatsApp Web and then post that scrapped QR Code on their site/app. Then they ask visitors on their page to scan it from WhatsApp on their phone, in return offering some prize, cash to the users. Once a user is done with the scanning, these individuals get complete access to that person’s WhatsApp account.
Also read: Now you can video-call on WhatsApp. Here’s how to download this amazing feature
Although WhatsApp’s encryption, like Google, Facebook and most banks these days, rely on sending SMS messages to verify users, the method of verification uses an outdated system that is vulnerable to attack, which later allows hackers to impersonate their targets and, in the case of WhatsApp, lets cyber-thieves steal your chat histories and more.
Read the open letter here:
Dear WhatsApp,
Do you know that many individuals and companies with the sole intention to steal personal data of WhatsApp users have cropped up?
These individuals and companies are using web.whatsapp.com to loot the financial details, confidential information, pictures, videos, and chats of a billion WhatsApp users.
They do it easily, just by:
1. Scrapping the QR code from the WhatsApp Web
2.Posting that scrapped QR Code onto their phishing site/app
3.Asking visitors on their phishing page to scan it from WhatsApp on their phone, in return offering some prize, cash or anything that can lure a user
4.Once the user is done with scanning, these phishing individuals or companies get complete access to the user’s WhatsApp
1Group (An app based real estate broker’s network) is one of the examples which is doing this unscrupulous deed.
How dangerous it can become if any individual or company can get access to a large group of WhatsApp users? WhatsApp should look into this and identify if there is any breach of trust. If there is, then it should do something fast to rectify this situation. Otherwise personal and confidential information of a billion users is at stake and it can really cause a phishing bomb to explode with unimagined repercussions. Just think about if anti-national elements get into this phishing scam and what they can do with this.
#WakeUpWhatsApp
