Reuters
A flaw in WhatsApp's system means that hackers could literally "put words in [someone's] mouth."
- A security firm has found a series of flaws in WhatsApp that could allow hackers to intercept and manipulate messages by changing the identity of a sender or altering their text.
- Attackers could literally "put words in [someone's] mouth," security firm Check Point Research wrote in a press release on Wednesday.
- This gives the attackers the power to "create and spread misinformation from what appear to be trusted sources," Check Point said.
- Facebook, which owns WhatsApp, did not immediately respond to a request for comment.
- Visit Business Insider's homepage for more stories.
A cybersecurity firm has discovered a flaw in WhatsApp that allows hackers to intercept and manipulate messages - potentially changing the identity of a message sender or altering their text.
Attackers could literally "put words in [someone's] mouth," Israeli firm Check Point Research said in a press release on Wednesday. It added that this gives the attacker the power to "create and spread misinformation from what appear to be trusted sources."
Transform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More Check Point reversed WhatsApp's encryption algorithm and decrypted the data. Once it did so, it was able to see all the parameters that are sent between the web and mobile version of WhatsApp and manipulate this data.
So, for example, if it wanted to change your message, it captures the outgoing message from WhatsApp, decrypts the data, changes it to whatever it wants it to say, and then encrypts it back.
The Facebook-owned messaging app has more than 1.5 billion users and is used in 180 countries around the world; the average user checks the app 23 times a day. So, the potential for online scams, rumors, or fake news is huge, Check Point said.
Read more: A security flaw found in WhatsApp and Telegram on Android lets hackers mess with your photos, payments, and voice notes
While Facebook has fixed one of the flaws it identified - the ability for a hacker to send a private message to another group participant that is disguised as a public message - Check Point said two others remain unresolved.
One uses the "quote" feature in a group conversation to change the identity of the message sender. The second lets a bad actor manipulate the text of someone else's reply.
Facebook did not immediately respond to Business Insider's request for comment.
To raise awareness, Check Point has launched a tool that enables users to carry out the manipulations and see what these flaws look like in real life, according to the Financial Times.
"We think this is our obligation to escalate this," Oded Vanunu, head of product vulnerability research at Check Point Research, told FT.
The news comes just months after WhatsApp confirmed that it had been hacked in May by bad actors who installed spyware on an unknown number of people's smartphones, giving them access to their information such as location data or private messages.
Next Story
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
Colon cancer rates are rising in young people. If you have two symptoms you should get a colonoscopy, a GI oncologist says.
Saudi Arabia wants China to help fund its struggling $500 billion Neom megaproject. Investors may not be too excited.
Catan adds climate change to the latest edition of the world-famous board game
Tired of blatant misinformation in the media? This video game can help you and your family fight fake news!
Tired of blatant misinformation in the media? This video game can help you and your family fight fake news!
JNK India IPO allotment – How to check allotment, GMP, listing date and more
Indian Army unveils selfie point at Hombotingla Pass ahead of 25th anniversary of Kargil Vijay Diwas
