Skip to content

A new vulnerability in WhatsApp allows attackers to manipulate your messages

Last updated on 08/08/2018 at 20:40

The Check Point Research IT security experts, have discovered a new vulnerability present in WhatsApp which can jeopardize the messages you send.

Apparently, a security breach discovered in the most used messaging app in the world, would allow attackers intercept and manipulate the content of sent messages both in private conversations and in groups.

A new vulnerability in WhatsApp allows attackers to manipulate your messages

According to the researchers, There are three possible ways to exploit this vulnerability, in all of them using social engineering tactics to deceive users.

In this way, it would be possible to use the “reply” option in WhatsApp conversations to manipulate the identity of the sender of the message, alter the text of a reply, or make the user believe that a message is being sent to a group, when in fact it is being sent privately to another user, even though the message is reflected in the group so as not to raise suspicions.

FakesApp, the latest WhatsApp vulnerability that puts your messages at risk

As you can see in the video on these lines, the researchers emulate different ways of taking advantage of vulnerability, either to modify the content of a message and put in the mouth of others something that they have not really said, or to “exclude” a member of a group and prevent messages from appearing in your conversation.

This has been possible since WhatsApp stores the encryption keys through WhatsApp Web before the QR code is generated, an occasion that attackers would take advantage of to exploit the vulnerability.

Logically, that the encryption of WhatsApp has been transferred with relative ease is a fact of the utmost gravity, given that attackers could see each and every one of the parameters that are sent between the mobile version of WhatsApp and the one intended to be used from the browser, and therefore manipulate the messages at will.

As one of the main communication channels available today, WhatsApp is used for sensitive conversations ranging from confidential corporate and government information to criminal intelligence that could be used in a court of law. – Oded Vanunu, Product Leader at Check Point Research

The Check Point team of researchers has already contacted WhatsApp to inform them about the security problems of the platform, and from the company they have indicated that they are aware of them, although they assure that it is the normal operation of the application.

Therefore, it does not seem that the company behind the most used messaging app on the planet intends to change this behavior in the short term.