Check Point’s cyber security researchers have found new vulnerabilities in WhatsApp that allow threat actors to intercept and manipulate messages sent in a group chat. This gives hackers the ability to create and spread misinformation from what appear to be trusted sources.
By exploiting vulnerabilities found in communications between the mobile version of WhatsApp and WhatsApp Web, the web-based version, a hacker can:
- Alter the text of someone else’s reply, essentially putting words in their mouth
- Use the ‘quote’ feature in a group conversation to change the identity of the sender, to make it appear as if it came from a person who is not even part of the group.
- Send a private message to another group participant disguised as a public message for all, so when the individual responds, it’s visible to all in the conversation.
Check Point’s researchers have notified WhatsApp of the flaws, full details are available from: https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/,