Israeli security company, Check Point, revealed at a conference how Facebook-owned WhatsApp could be hacked to alter text messages and even the identity of the sender.
Has WhatsApp been vulnerable to attacks for a whole year without its users knowing it?
WhatsApp Vulnerabilities
At the annual Black Hat security conference in Las Vegas, Check Point Researchers demonstrated in detail how WhatsApp messages could be altered. According to the researchers, there are three ways in which attackers could exploit users or spread misinformation: by altering the contents of the text message itself, by changing the identity of the message sender, and by tricking the user to replying to a supposed private message to one person that actually ends up being in a group or public chat.
What’s concerning is that this is not actually a new discovery, because the researchers found these vulnerabilities in 2018 but WhatsApp has since only fixed the last of the listed vulnerabilities. At the conference, researchers presented the tool that they created to exploit WhatsApp’s vulnerabilities in hopes that it would provoke discussion on the matter and to raise awareness that this is something that might be happening.
Security Of WhatsApp
In a statement, a Facebook spokesperson explains that they have looked at the vulnerabilities a year ago and decided that it was “false” to suggest a vulnerability in WhatsApp’s security. Furthermore, the spokesperson stated that addressing the concerns, perhaps by way of storing information on the origin of the text messages, would make WhatsApp less private.
However, cybersecurity experts find this issue to be a serious one that has to be dealt with. For instance, these vulnerabilities could be exploited by an attacker by inserting themselves into a group chat and alter the course of the conversation so that the involved parties would disclose private information. And with WhatsApp serving 1.5 billion users, this may cause an even bigger problem with misinformation, fake news, and manipulation.