Researchers revealed that security vulnerabilities in WhatsApp can allow hackers to intercept and manipulate user messages. Read on to know more…
Researchers from Israeli security company Check Point have identified three attack modes in WhatsApp which can be exploited to intercept and manipulate users’ messages. Apparently, these security issues were revealed to WhatsApp last year. However, they remain exploitable even after one year.
The three possible attack modes leverage social engineering tricks to fool users and to spread false information to different WhatsApp groups. These security issues could have various consequences such as the hackers can disguise a private message as a public message and send it to a participant of a group. This causes the ‘private’ response from the targeted individual to be visible to everyone in the conversation.
Hackers can also use the ‘quote’ function of a group conversation to change the identity of the message sender, who is not even a member of the group and attackers can alter someone’s reply or message and add bogus data into it.
As of August 7, WhatsApp has only fixed the first security issue and is believed that attackers can leverage the other two security vulnerabilities to spread online scams, rumors, and fake news.
In an official blog post, the researchers warned that the security vulnerability can be exploited in three ways. First, by spoofing a reply message to put words in someone’s mouth. In this case a hacker can manipulate a chat by sending a reply message to himself so he can modify the content and then send the message back to the group. The second attack can be carried out by changing the identity of a sender in a group chat by using the quote feature even if he is not a member of the group.
“These security bugs are of course dangerous, but they are not uncommon in any type of software. Yet, users should be very careful when contributing to group chats. In case of any doubt during correspondence, confirm the author’s identity in a private chat,” said Victor Chebyshev, security researcher at Kaspersky. He also recommends that users should keep an eye on WhatsApp updates and download new versions immediately to stay secure as many of the updates can be patches for such vulnerabilities.