WhatsApp has come under fire recently for the viral spread of fake news on its platform and it’s started taking steps to combat this. However, security firm Check Point Research claims that there’s a massive security flaw inherent in its system which could make the spread of misinformation much easier.
Hackers can use these gaps to their advantage by intercepting and then altering messages sent in one-on-one and groups chats. The vulnerability is pretty complex, but it basically boils down to using security protocols within WhatsApp Web to catch messages in their encrypted state.
This is followed up by decryption to read the conversation and find out the identity of the sender. Check Point made its own extension to view these messages. WhatsApp claims it can’t read texts since all chats are end-to-end encrypted, but there seems to be a way around that.
WhatsApp Hack Methods
Once the missive is decoded, the attacker is free to manipulate it as they see fit. One way is to utilize the quote feature in a group conversation to switch the identity of the sender. The hacker can do this even if that individual isn’t a member of the group. Another is to change the text of a message without the sender finding out.
A third way is to send a private message to a group member which is disguised as a public message for all. When the victim responds, everyone can see their reply. It’s easy to see how any of these tactics can be used to spread dangerous messages and confuse a whole lot of people.
WhatsApp has released a statement on the matter, but it doesn’t believe the vulnerability is a great threat. It says it reviewed the issue and sees it as “the equivalent of altering an email to make it look like something a person never wrote.”
That sounds like a pretty serious problem, but it doesn’t look like the WhatsApp is going to do anything about it. We’ll let you know if it changes its mind.