WhatsApp users are being warned of a newly-discovered flaw that lets hackers infiltrate your private messages and group chats.
According to a new report from CNET, researchers have uncovered security shortcomings in WhatsApp that create a means for hackers to intercept and manipulate messages sent in both private and group conversations.
Israeli cybersecurity firm Check Point discovered that an attack begins by intercepting the victim’s message through a modified version of WhatsApp Web. The attacker can modify both the content of the message and the sender to trick the application. Only that person will be able to see the falsified version of the message, but if they later quote it with the “Reply” button, all the group participants will receive it as well.
“Given WhatsApp’s prevalence among consumers, businesses, and government agencies, it’s no surprise that hackers see the application as a five-star opportunity for potential scams,” Oded Vanunu, Check Point’s Head of Product Vulnerability Research stated about these findings. “As one of the main communication channels available today, WhatsApp is used for sensitive conversations ranging from confidential corporate and government information to criminal intelligence that could be used in a court of law.”
Using these techniques, attackers can manipulate conversations and group messages in order to change evidence and spread fake news and misinformation.
WhatsApp acknowledged to the New York Times that this technique allows manipulating appointments, but does not consider it a failure: the system works as expected; otherwise, it would have to verify each message on the server side, which would generate “a huge risk of privacy or a jam in the service”. Instead of fixing the problem, the company tries to eject anyone using a pirated version of WhatsApp from the platform.
To check if an appointment has been altered, you can click on it or touch it with your finger: WhatsApp will take you to the original message without modification.
The report of the flaw comes as the Facebook-owned company is coming under increasing scrutiny as a means of spreading misinformation due to its popularity and convenience for forwarding messages to groups.
Last month, the app announced limits of forwarding messages following threats by the Indian government to take action after more than 20 people were murdered after being accused of child kidnapping and other crimes in viral messages circulated wildly on WhatsApp.