Security vulnerabilities on WhatsApp aren’t a common occurence but there’s news about one such flaw which will definitely worry you.
Researchers from Israeli cybersecurity firm, Check Point have demonstrated a long-standing flaw with WhatsApp, that allows hackers to alter the text within quoted messages, so as to make it look as if a person had said something they did not.
The tool also allows an attacker to change how the sender of the message is identified, making it possible to attribute a message or comment to a different source.
A third issue highlighted by researchers has been successfully fixed by Facebook. That flaw could trick users into believing they were sending a private message to one person, when in fact their reply went to a more public group.
The flaw was revealed at the Black Hat conference, and to make matters worse it seems that Facebook was informed about the vulnerability over a year ago but has failed to patch it.
Check Point Research revealed their findings in a press release and also posted a video showcasing how the vulnerability can be exploited. With this security flaw, attackers can essentially create and spread misinformation and make it appear as if it came from authentic sources. The firm was able to capture an outgoing message from WhatsApp and decrypt it. Then they could alter the contents at will and then encrypt it to send it forward.
Responding to the matter, Facebook in a statement to the BBC stated, “We carefully reviewed this issue a year ago and it is false to suggest there is a vulnerability with the security we provide on WhatsApp.”
“The scenario described here is merely the mobile equivalent of altering replies in an email thread to make it look like something a person didn’t write,” the statement added.