Are your WhatsApp messages what they seem? Check Point Research has found a vulnerability in the popular messaging app that apparently allows malicious parties to “intercept and manipulate” messages sent via the platform.
In its latest research, Check Point’s team revealed that by exploiting weaknesses in the communication between WhatsApp and the web-based version, an attacker could manipulate messages in a number of ways. By using the quote feature from group conversations, an attacker could change the identity of a message sender, for example, or alter the text of someone else’s reply.
Most damagingly of all, it allows a hacker to send a private message to a group participant disguised as public message, tricking them into a public response. It plays out something like this, in Check Point’s innocuous example:
WhatsApp has more than 1.5 billion users chatting in over a billion groups worldwide. “With so much chatter, the potential for online scams, rumours and fake news is huge,” the researchers argue. It gives threat actors “immense power to create and spread misinformation from what appear to be trusted sources.”
The researchers told Facebook-owned WhatsApp of their findings following the process of Responsible Disclosure, but have some general tips for people concerned that their conversations may be hijacked. Cross-check what you read on social media with your own research, but remember misinformation spreads faster than truth.
Are you worried your WhatsApp conversations could be listened in on or intercepted? Let us know on Twitter: @TrustedReviews