Beware! WhatsApp can be 'hacked' and text messages can be manipulated
Hackers can not only change the text that you are sharing but also change the sender’s identity.
Researchers warn that WhatsApp messages can be altered. Security firm Check Point Research has published details of WhatsApp security weaknesses allow hackers to manipulate WhatsApp messages in a group conversation. This may include editing quoted messages and masking a private message as a group message. So, hackers can not only change the text that you are sharing but also change the sender's identity.
WhatsApp 'security flaw' Details
1. Hackers can breach WhatsApp security and fake your messages
Roman Zaikin, a security researcher, and Oded Vanunu, head of products vulnerability research, both at Check Point, explained how WhatsApp could be hacked to change the text of a message and the identity of the sender. The duo claimed in a presentation entitled 'Reverse Engineering WhatsApp Encryption for Chat Manipulation and More'.
2. There are three possible modes of attack
Security researchers found three possible attack modes that give attackers the weapons needed to intercept and alter WhatsApp messages. All three modes exploit social-engineering tricks to fool end-users.
Mode 1: Use of 'quote' function in a group conversation
In a group conversation, hackers can use the 'quote' feature to change the identity of the message sender. To do this, a hacker need not even be a member of the group.
Mode 2: Attacker can change the text of others reply
A message sent can be freely edited when quoted by anyone else in the chat. In this, while the original text remains unchanged, anyone viewing the quoted text will see the altered version.
Mode 3. Send private messages to another group participant, disguised as a public message.
This allows hackers to send a private message to another group participant disguised as a public message for all, so when the targeted individual responds, it's visible to everyone in the conversation.
3. Facebook: Unable to intrude in within-chat attacks
As per the researchers, WhatsApp has fixed the third mode of attack, the first two security flaws still exist. The company claims that it is not practical to intervene in within-chat attacks.
Facebook said in a statement to The Next Web, "We carefully reviewed this issue a year ago, and it is false to suggest there is a vulnerability with the security we provide on WhatsApp. The scenario described here is merely the mobile equivalent of altering replies in an email thread to make it look like something a person didn't write. We need to be mindful that addressing concerns raised by these researchers could make WhatsApp less private – such as storing information about the origin of messages."
4. The large numbers group is under threat
Researchers say that the biggest threat of these security flaws is the WhatsApp groups that have a large number of members.
5. Researchers demonstrated the vulnerability in the web version of WhatsApp
To demonstrate the severity of this vulnerability in WhatsApp, Check Point researchers created a tool that allows them to decrypt WhatsApp communication and spoof the messages. The chances of the breach are more when the WhatsApp is connected with the web version.