Following WhatsApp’s crackdown on preventing the spread of fake news, a new flaw has been discovered in the immensely popular social messaging application. The new-found vulnerability within the application allows malicious hackers to intercept and manipulate messages sent by other users before they reach their intended recipients. This vulnerability can be exploited to allow hackers to spread malicious files, code, or fake information.
Facebook has recently been in the spotlight for the spread of “fake news.” Although Facebook refused to limit free voice to a certain extent, the company has revised its platforms and applications to help contain the spread of misinformation.
The company’s owned WhatsApp messaging service faced a message forwarding restriction last month that prevented users from sending a particular message to more than 5 recipients in their contact book. This action was taken after 20 people were brutally murdered following false circulations of messages that falsely identified them as kidnappers and notorious criminals.
According to research published by Check Point, it is found that malicious attackers can manipulate messages sent in both private conversations as well as group conversations to make it look as though it comes from a reliable source. Three particular methods of exploit were outlined by Check Point that allowed for these kinds of manipulations.
The first method uses the quote feature in a group conversation to change the identity of the sender even if that sender is not a member of the group chat. The second method allows the attacker to change the words of someone else’s reply by “putting words in their mouth.” The third method disguises a message sent to a particular recipient in a group chat so that when that recipient responds, the reply is visible to all members of the group chat.
Just as this new vulnerability has been brought forward by Check Point Research, WhatsApp has released its own brief statement.
This claim has nothing to do with the security of end-to-end encryption, which ensures only the sender and recipient can read messages sent on WhatsApp.
Check Point Research, however, still believes that these vulnerabilities should not be taken lightly, and that WhatsApp should gear up its efforts to contain and resolve these concerns.