WhatsApp users have been warned to be vigilant against a new security flaw. It could allow the outsider to intercept and alter messages. Researchers at Israeli cybersecurity firm said that they had found a flaw in WhatsApp that could allow hackers to modify and send fake messages in the popular social messaging app.
Checkpoint said the vulnerability gives a hacker the possibility “to intercept and manipulate messages sent by those in a group or private conversation” as well as “create and spread misinformation”.
WhatsApp said in the statement –
“We carefully reviewed this issue and it’s the equivalent of altering an email to make it look like something a person never wrote. This claim has nothing to do with the security of end-to-end encryption. It ensures only the sender and recipient can read messages sent on WhatsApp.”
WhatsApp has over 1.5 billion users worldwide, with over 65 billion messages sent every day. It provides a huge potential attack vector for criminals looking to take advantage of this flaw. The vulnerability concerns WhatsApp’s encryption process. It is meant to protect every message, picture, call, video or other content sent in chats.
When Checkpoint team decrypted, they came up with the truth. WhatsApp’s protocol could be converted and accessed. It also allowed them to see exactly what rules were being used. They could change them according to their liking.
This could allow hackers to alter the text of someone else’s reply to a group chat, essentially putting words in their mouth, or use the “quote” feature in a group conversation to change the identity of the sender.
Hackers could also send a private message to another group participant disguised as a public message for all. When the targeted individual responds, it’s visible to everyone in the conversation.
WhatsApp recently placed a limit on forwarding content. It also added a label to forwarded messages. WhatsApp made a series of changes to group chats. They wanted to tackle the challenge of misinformation. The issue appears limited to a discussion among security experts. WhatsApp should fix this issue as soon as possible.