The Diligent team Image
The Diligent team
GRC trends and insights

The dangers of WhatsApp for board communication

August 21, 2018
0 min read
Person reviews the risks behind WhatsApp for board communication

Less than a year after authorities discovered that individuals had allegedly leaked price-sensitive information, including financial results before they were officially announced, using WhatsApp, the Facebook-owned corporation is facing yet another scandal. Check Point Software Technologies reported that they had discovered a flaw in the WhatsApp software that allows users to retrieve sent messages and resend them after altering the content and changing the identity of the sender.

Facebook purchased WhatsApp for $19 million in 2014. The popular messaging app allows for group chats with up to 256 people and has 1.5 billion users worldwide. WhatsApp has become one of the most popular messaging apps, partly because individuals like its simplicity and security. Even the company isn't able to access the content of its users' messages.

Educated internet users are aware that anything they send over the internet can be copied and preserved forever. The new concerns over the WhatsApp design are alarming because original messages can be altered to take on an entirely different meaning than what the original user intended, and the altered messages could be captured and preserved forever.

Is It a Flaw or a Design Issue Without an Appropriate Fix?

While testing the WhatsApp software design, Check Point Software Technologies created an altered version of WhatsApp. IT specialists say they uncovered a flaw in the design.

One of the popular features of WhatsApp is something called a 'quote.' The quote feature lets an individual chatting with others retrieve and display a past message and include it when they reply to the rest of the group. The design of WhatsApp allows hackers to create an altered version of the app that allows them to change the message or the identity of the sender. Another issue with the design is that an individual may send a message to another individual in a group chat and that individual may be tricked into believing that the whole group can see the message.

What Does WhatsApp Have to Say in Response?

In their response, WhatsApp says that their design doesn't have a flaw at all, and that the app works exactly as they intended it to. They agreed that someone could manipulate the feature, but they rebuked any recommendations to resolve the issue. They liken these types of incidents to hackers being able to alter the content of an email message.

WhatsApp reasons that if they had to verify every message on the platform, it would create an enormous privacy risk and bog down the service. This fix would require WhatsApp to store messages somewhere, and that would open up additional opportunities for hackers. Other fixes didn't seem practical either.

WhatsApp answered its critics by saying they'd work to find and remove users who use fake WhatsApp profiles to deceive other users. WhatsApp also said they'd be putting limits on how widely users would be able to share a message to different groups and attach labels when a message has been forwarded. They clarified that these enhancements were not being developed in response to the issues that Check Point raised.

WhatsApp explained how the nature of the app reduces the concerns that Check Point raises. WhatsApp indicates that most people know the others with whom they chat. WhatsApp adds that about 90% of the messages on their app are one-on-one conversations and the majority of group chats include six people or fewer. WhatsApp believes these reasons make it less likely that an unknown person could interfere or mask themselves as someone else.

WhatsApp wants users to know what they can do to protect themselves while using their app. First, individuals can check to see whether a quote is valid by clicking on it. This action takes them back to the point in the chat when the message was originally sent as long as the person was a participant in the chat when the message was sent and as long as the message wasn't deleted.

Check Point agrees with WhatsApp that this is not a security issue. WhatsApp uses end-to-end encryption, which is a security feature that ensures that only the sender and the receiver can read their messages.

A Hint of Potential Trouble From the Design of WhatsApp

Issues have come forth in certain countries around the world as a result of the WhatsApp design feature. These real-world examples prove the devastating effects that could result from spreading misinformation.

WhatsApp users in India started rumors that a group of people were child abductors and kept those rumors circulating for almost two weeks. Rumors alleged that a group of men arriving on a bus in Dhule were the kidnappers. The men were later identified as a group of poor agricultural workers from a nearby district. A crowd of almost 3,000 people looked on as 40 individuals attacked the farm workers and lynched five of them. CNN reports that it was the fourth time in recent weeks that WhatsApp discussions had incited violence in India.

In Brazil, WhatsApp learned of false stories that their users spread on the app. The stories allege that people were having deadly reactions to vaccines for yellow fever, which turned out not to be true at all.

These may be isolated incidents, as WhatsApp and Check Point agree that they haven't seen regular users creating fake quote messages in their chats. Still, the incidents in India and Brazil indicate the need for reviewing the app's design and implementing any possible safeguards to eliminate potential serious incidents, such as those that occurred in India and Brazil.

A New Enhancement on Diligent Messenger Prevents Security Issues

Diligent Messenger is part of the Governance Cloud ecosystem. It's a secure messaging platform designed specifically for boards of directors to ensure confidentiality. It operates much like chatting and text-messaging programs, but without the security risks that are inherent with public use email and chat programs.

Diligent Messenger now has a new feature for secure attachments.

Diligent users can now download sensitive documents and attachments right within the Diligent board management system. This feature eliminates the risks associated with downloading files on board members' personal computers. Files are protected with the highest levels of security, which mitigates the risk of potential hackers. Diligent delivers peace of mind with state-of-the-art encryption, data storage, access controls and more.

Diligent's enterprise governance management software system alleviates the risk of using unsecured emails, unsecured messaging and unsecured attachments.

Furthermore, there's no need for boards to worry about cyberattacks when they can conduct all aspects of their board business within the safety and security of the Governance Cloud ecosystem.


Your Data Matters

At our core, transparency is key. We prioritize your privacy by providing clear information about your rights and facilitating their exercise. You're in control, with the option to manage your preferences and the extent of information shared with us and our partners.

© 2024 Diligent Corporation. All rights reserved.