- A cyber security firm recently demonstrated how hackers could edit sent messages on WhatsApp.
- The firm said WhatsApp had three vulnerabilities one of which could allow hackers to edit someone else’s reply.
- The cyber security firm said that it had first disclosed the three vulnerabilities to Facebook last year.
Security hacks are on a rise. Malicious hackers are actively looking for flaws and vulnerabilities in tech platforms, particularly social media apps, that would allow them to gain control of users’ personal profiles and use them to their advantage. At a time when cyber attacks are on a rise Facebook is yet to fix three flaws in its social messaging app, WhatsApp, that can allow hackers to edit users’ sent messages.
During the annual Black Hat security conference that was held in Las Vegas, United States earlier this week security researchers from an Israeli cyber security firm Check Point demonstrated how malicious hackers can use vulnerabilities in WhatsApp’s platform to manipulate the contents of not only the messages sent in a personal chat but also in a group chat.
In a blog post, Check Point researchers Dikla Barda, Roman Zaikin and Oded Vanunu explained the three vulnerabilities plaguing the popular social messaging platform. The first vulnerability allows hackers to use the “‘quote’ feature in a group conversation to change the identity of the sender, even if that person is not a member of the group.” The second vulnerability, as the researchers explained, allows hackers to “alter the text of someone else’s reply, essentially putting words in their mouth.”
The third flaw, allows the malicious hackers to “send private messages to another group participants that is disguised as a public message for all.” This means that the you might feel that you have received a private message in a group, but it will be visible to all the people in the group.
Check Point had first informed Facebook-owned WhatsApp about the three vulnerabilities in its platform last year. “Towards the end of 2018, Check Point Research notified WhatsApp about new vulnerabilities in the popular messaging application that would enable threat actors to intercept and manipulate messages sent in both private and group conversations, giving attackers the power to create and spread misinformation from what appear to be trusted sources,” Check Point wrote in a blog adding that the company had fixed the third vulnerability “which enabled threat actors to send a private message to another group participant disguised as a public message.”
Responding to the claims made the cyber security firm, a Facebook spokesperson said that claims regarding vulnerabilities in WhatsApp were false.
“The scenario described here is merely the mobile equivalent of altering replies in an email thread to make it look like something a person didn’t write. We need to be mindful that addressing concerns raised by these researchers could make WhatsApp less private — such as storing information about the origin of messages,” a Facebook spokesperson told IANS.