Home > Media News > Cybersecurity Company Claims That  Hackers Can Alter WhatsApp Messages

Cybersecurity Company Claims That  Hackers Can Alter WhatsApp Messages
8 Aug, 2018 / 04:12 PM / Reeny Joseph

Source: http://omnesmedia.com

1027 Views

A cybersecurity company said it had discovered a flaw in WhatsApp, the Facebook-owned messaging service with 1.5 billion users, that allows scammers to alter the content or change the identity of the sender of a previously delivered message.

By creating a hacked version of the WhatsApp application, scammers can change a “quote” — a feature that allows people within a chat to display a past message and reply to it — to give the impression that someone sent a message they did not actually send, according to the company, Check Point Software Technologies.

WhatsApp acknowledged that it was possible for someone to manipulate the quote feature, but the company disagreed that it was a flaw. WhatsApp said the system was working as it had intended, because the trade-offs to prevent such a deception by verifying every message on the platform would create an enormous privacy risk or bog down the service. The company said it worked to find and remove anyone using a fake WhatsApp application to spoof the service.

WhatsApp has 1.5 billion users on its platform, making it the world’s most widely used messaging app. It has gained popularity for the simplicity and security of its service, providing encryption so that even the company does not know the content of its users’ messages. Facebook acquired WhatsApp in 2014 for $19 billion.

Oded Vanunu, head of vulnerability research at Check Point, said the ability to alter messages gave attackers a powerful tool to spread misinformation from what appeared to be a trusted source. It is especially problematic in group chats, which can include up to 256 people. Multiple messages can come in at once and it can be easy to lose track of what someone has said, he said.

Check Point said it also discovered a way within group chats to send a message to a specific individual within the discussion. That individual is tricked into believing that the whole group saw the message and responds accordingly.

WhatsApp played down the concerns raised by Check Point, saying most people know the person who they are messaging on the service. The company said 90 percent of all messages on the service are sent in one-on-one conversations, and the majority of groups are six people or less — making it less likely that an unknown person can infiltrate a conversation to trick other users. A person can check the validity of a quote message by clicking on it. Doing so will take you back to the point in the chat when the message was sent unless the message was deleted or the person was not a participant in the chat when the message was sent.

WhatsApp said the potential fixes to this issue were not worth trying. One solution would be to create transcripts of every message exchange to verify the accuracy of every quote. Creating such a transcript is a significant privacy risk because those accounts of what people wrote to each other must be stored somewhere, the company said.