WhatsApp hacking trick manipulates messages in group chats

Security researchers discovered a flaw that lets hackers intercept and manipulate messages, saying WhatsApp should deal with it with the 'utmost importance'

Anthony Cuthbertson
Wednesday 08 August 2018 17:38 BST
Comments
Researchers at Check Point labelled the vulnerability 'FakesApp'
Researchers at Check Point labelled the vulnerability 'FakesApp'

A major flaw with WhatsApp's messaging app and web platform has been discovered that allows hackers to intercept and manipulate messages sent in a group chat.

Researchers at cyber security firm Check Point uncovered the vulnerability, which they published in a detailed blog post describing how the technique could be used to spread misinformation.

If carried out successfully, hackers would be able to use the exploit to alter the text of someone's reply in a group chat on WhatsApp and use the 'quote' feature to change the identity of a sender in a group conversation.

"We believe these vulnerabilities to be of the utmost importance and require attention," researchers Dikla Barda, Roman Zaikin and Oded Vanunu said in their findings.

"[They give] attackers immense power to create and spread misinformation from what appear to be trusted sources."

The Check Point researchers have informed WhatsApp of the vulnerability, though no one from the messaging app was available for comment.

A video detailing how the "FakesApp" vulnerability works was also published by Check Point.

WhatsApp, which has over 1.5 billion users worldwide, has increasingly become a target for hackers and scammers seeking to exploit the vast user base.

Last month, false rumours spread through the messaging app resulted in a series of lynchings and murders in India.

The latest vulnerabilities to be discovered provoked warnings from cyber security experts that more needs to be done to protect the users of these platforms.

"It's so easy to imagine how being able to imitate our friends and family members like this could cause havoc and enable bad guys to trick us into doing all sorts of things, and undermine not just chats but everything from the way we bank to the way we shop," Kevin Bocek, chief cyber security strategist at software firm Venafi, told The Independent.

"There is nothing we as consumers can do about this flaw – it’s up to companies to make sure they’re protecting all machine identities and how they are used in order to prevent these vulnerabilities and exploits from happening."

The Check Point researchers advised WhatsApp users to be cautious about potential deceptions, going as far as to say social media websites and apps should not be used as a source for news.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in