Sign up to our free weekly IndyTech newsletter delivered straight to your inbox
Sign up to our free IndyTech newsletter
Security researchers have discovered a security vulnerability with WhatsApp that allows messages to be manipulated in group chats.
In a blog post detailing their findings, Check Point Research said the security flaw means people can edit someone's reply, "essentially putting words in their mouth".
When the vulnerabilities were first discovered, Facebook likened the issue to "altering an email" to make it look like something a person never wrote.
"This claim has nothing to do with the security of end-to-end encryption, which ensures only the sender and recipient can read messages sent on WhatsApp," the technology giant said.
12 useful WhatsApp features you didn’t know existed
Show all 12
"We take the challenge of misinformation seriously and recently placed a limit on forwarding content, added a label to forwarded messages, and made a series of changes to group chats."
The researchers found three possible methods of attack by exploiting the issue. The first involves using the 'quote' feature in a group conversation to change the identity of the sender.
The second is to alter the text of a person's rely, while the third involves sending a private message that actually appears as a public message.
Check Point said only the third of these vulnerabilities has so far been fixed by WhatsApp, despite these issues being of "the utmost importance" and requiring immediate attention.
"Given all the chatter, the potential for online scams, rumours and fake news is huge," Check Point Research wrote in a blog post.
"Threat actors have an additional weapon in their arsenal to leverage the messaging platform for their malicious intentions."
Check Point’s head of products vulnerability research, Oded Vanunu, told The Independent: "Instant messaging is a vital technology that serves us day-to-day, we manage our private and professional life on this platform and it’s our role in the infosec industry to alert on scenarios that might question the integrity. WhatsApp was very responsive, but took few actions, including fixing one of the manipulation scenarios."
The cyber security firm built a custom tool to take advantage of the flaw, which was demonstrated at the Black Hat conference in Las Vegas this week.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies