WhatsApp hacking trick manipulates messages in group chats

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

A major flaw with WhatsApp's messaging app and web platform has been discovered that allows hackers to intercept and manipulate messages sent in a group chat.

Researchers at cyber security firm Check Point uncovered the vulnerability, which they published in a detailed blog post describing how the technique could be used to spread misinformation.

If carried out successfully, hackers would be able to use the exploit to alter the text of someone's reply in a group chat on WhatsApp and use the 'quote' feature to change the identity of a sender in a group conversation.

"We believe these vulnerabilities to be of the utmost importance and require attention," researchers Dikla Barda, Roman Zaikin and Oded Vanunu said in their findings.

"[They give] attackers immense power to create and spread misinformation from what appear to be trusted sources."

The Check Point researchers have informed WhatsApp of the vulnerability, though no one from the messaging app was available for comment.

A video detailing how the "FakesApp" vulnerability works was also published by Check Point.

WhatsApp, which has over 1.5 billion users worldwide, has increasingly become a target for hackers and scammers seeking to exploit the vast user base.

Last month, false rumours spread through the messaging app resulted in a series of lynchings and murders in India.

The latest vulnerabilities to be discovered provoked warnings from cyber security experts that more needs to be done to protect the users of these platforms.

"It's so easy to imagine how being able to imitate our friends and family members like this could cause havoc and enable bad guys to trick us into doing all sorts of things, and undermine not just chats but everything from the way we bank to the way we shop," Kevin Bocek, chief cyber security strategist at software firm Venafi, told The Independent.

"There is nothing we as consumers can do about this flaw – it’s up to companies to make sure they’re protecting all machine identities and how they are used in order to prevent these vulnerabilities and exploits from happening."

The Check Point researchers advised WhatsApp users to be cautious about potential deceptions, going as far as to say social media websites and apps should not be used as a source for news.