Now Reading
A Security Firm has discovered a security Flaw in WhatsApp that allows hackers to alter Messages

A Security Firm has discovered a security Flaw in WhatsApp that allows hackers to alter Messages

A cybersecurity firm has discovered a flaw in WhatsApp that allows hackers to intercept and manipulate messages – potentially changing the identity of a message sender or altering their text.

Attackers could literally “put words in [someone’s] mouth,” Israeli firm Check Point Research said in a press release on Wednesday. It added that this gives the attacker the power to “create and spread misinformation from what appear to be trusted sources.”

Check Point reversed WhatsApp’s encryption algorithm and decrypted the data. Once it did so, it was able to see all the parameters that are sent between the web and mobile version of WhatsApp and manipulate this data.

So, for example, if it wanted to change your message, it captures the outgoing message from WhatsApp, decrypts the data, changes it to whatever it wants it to say, and then encrypts it back.

The Facebook-owned messaging app has more than 1.5 billion users and is used in 180 countries around the world; the average user checks the app 23 times a day. So, the potential for online scams, rumors, or fake news is huge, Check Point said.

While Facebook has fixed one of the flaws it identified – the ability for a hacker to send a private message to another group participant that is disguised as a public message – Check Point said two others remain unresolved.

One uses the “quote” feature in a group conversation to change the identity of the message sender. The second lets a bad actor manipulate the text of someone else’s reply.

Facebook did not immediately respond to Business Insider’s request for comment.

See Also

To raise awareness, Check Point has launched a tool that enables users to carry out the manipulations and see what these flaws look like in real life, according to the Financial Times.

“We think this is our obligation to escalate this,” Oded Vanunu, head of product vulnerability research at Check Point Research, told FT.

The news comes just months after WhatsApp confirmed that it had been hacked in May by bad actors who installed spyware on an unknown number of people’s smartphones, giving them access to their information such as location data or private messages.

What's Your Reaction?
In Love
Not Sure
View Comments (0)

Leave a Reply

Your email address will not be published.

Scroll To Top