WhatsApp Flaw Could Allow Hackers To Modify, Send Fake Messages

WhatsApp Flaw Could Allow Hackers To Modify, Send Fake Messages
A recently discovered flaw in WhatsApp could allow hackers to modify and send fake messages (Warning: source may be paywalled; alternative source). Researchers at the Israeli cybersecurity firm Check Point said the vulnerability gives a hacker the possibility "to intercept and manipulate messages sent by those in a group or private conversation" as well as "create and spread misinformation." The New York Times reports: WhatsApp acknowledged that it was possible for someone to manipulate the quote feature, but the company disagreed that it was a flaw. WhatsApp said the system was working as it had intended, because the trade-offs to prevent such a deception by verifying every message on the platform would create an enormous privacy risk or bog down the service. The company said it worked to find and remove anyone using a fake WhatsApp application to spoof the service. "We carefully reviewed this issue and it's the equivalent of altering an email," Carl Woog, a spokesman for WhatsApp, said in a statement. What Check Point discovered had nothing to do with the security of WhatsApp's so-called end-to-end encryption, which ensures only the sender and recipient can read messages, he said.

For now, the issue appears limited to a discussion among security experts. Both WhatsApp and Check Point Software said they had not seen regular users creating fake quote messages in chats. Check Point said it also discovered a way within group chats to send a message to a specific individual within the discussion. That individual is tricked into believing that the whole group saw the message and responds accordingly. WhatsApp played down the concerns raised by Check Point, saying most people know the person who they are messaging on the service. The company said 90 percent of all messages on the service are sent in one-on-one conversations, and the majority of groups are six people or less -- making it less likely that an unknown person can infiltrate a conversation to trick other users.





Share on Google+



Read more of this story at Slashdot.