A group of experts from the cybersecurity company Check Point has discovered a security flaw in WhatsApp that allows third parties to read and modify messages.
The new vulnerability gives criminals new tools to use the application for malicious purposes. According to the report, a malicious user can take advantage of this WhatsApp Bug, a security flaw to intercept and modify messages sent to both private and group conversations.
Because of this, attackers can create and spread disinformation through apparently reliable sources. Previously there was news that group chats can be spied on, but it’s different this is altering your messages.
With more than one billion groups and 65 billion messages sent daily, WhatsApp is the most used and popular instant messaging app in the world. For this reason, the platform is one of the preferred targets for cybercriminals to spread malware, scams and false news, forcing users to be very careful not to fall into the traps of attackers by this WhatsApp bug.
How it is Possible
The team of researchers explains that it has detected up to three methods that use social engineering tactics that allow us to take advantage of this WhatsApp bug. In this way, an attacker can exploit the security flaw to do the following:
- Use the citation function in a group chat to change the sender’s identity, even if the person is not a member of the group.
- Alter the text of a person’s response.
- Send a message to a member of a WhatsApp group that is apparently private, but which, if answered, is visible to all group chat participants.
The security company’s experts have informed WhatsApp of their findings. Carl Woog, a spokesman for the platform, said in The New York Times that What Check Point has discovered has nothing to do with the security of encryption, end-to-end WhatsApp, which ensures that only the sender and the recipient can read the messages.
WhatsApp told the NYT that it was not aware of the technique being used in the wild, and a cure would be worse than the problem, while the company is focusing on users’ security by implementing new features, such as a recent forward sticker.
“One solution would be to create transcripts of every message exchange to verify the accuracy of every quote. Creating such a transcript is a significant privacy risk because those accounts of what people wrote to each other must be stored somewhere”, the company said.
Therefore, WhatsApp has played down the vulnerability communicated by security researchers and points out that potential corrections could harm the privacy of the service and that it is not worth trying to implement them.