Lowvelder investigates: WhatScan abused by hackers

WhatsApp, a smartphone application long revered for its high standards of privacy, is not a foolproof way of sending a confidential message.

An application called WhatScan offers WhatsApp users the ability to use one WhatsApp account on two devices. In the wrong hands, this application becomes a hacking tool.

This is best illustrated through a hypothetical scenario. The hacker is Pete and his victim is Sue. Both are WhatsApp users.

Step 1
Peter downloads WhatScan from the Play Store on his cellphone. It generates a QR code (a two-dimensional bar code that identifies and gives web users access to certain content).

Step 2
Pete opens Sue’s WhatsApp on her cellphone (perhaps when she is not looking). He uses her built-in WhatsApp Web QR scanner to capture his WhatScan QR code displayed on his screen.

Step 3
A duplicate of Sue’s WhatsApp opens up on Pete’s screen. He can now send and receive messages as if he were Sue. She is able to see the messages, and if he reads it before her, it will be displayed as “read” – but she will not know by who.

This process can of course also be performed with the person’s consent. Sending messages to such a person is not as private as you might think.

The practice of hacking is illegal. In terms of the Protection from Harassment Act, doing so constitutes harassment. It is also the unjustified abuse of the victim’s constitutional right to privacy.

What relief may be sought by the victim?
The Harassment Act provides for the granting of a protection order that bars the perpetrator from future hacking. Should he do it again, he may be arrested immediately and criminally charged for contravening a protection order. The abuse of basic human rights, such as the right to privacy, can be reported to the Human Rights Commission.
The commission may facilitate laying charges in an Equality Court. These courts have previously sentenced human rights violators to community service and may order that the hacker pay a fine.
The victim of a privacy violation may also approach a civil court if the violation has caused him financial, physical or emotional damage. If the victim’s claim is successful, the perpetrator may be ordered to pay damages to the victim.

  AUTHOR
Helene Eloff and Mireille de Villiers

Latest News

COMMENTS

Top
Next Story x
TRAC urges drivers to avoid N4 near eMalahleni