Since the beginning of this year, WhatsApp, still owned by Facebook, has more than 1.5 billion users. There are more than 1 billion groups and another 65 billion messages are sent per day. With this kind of numbers, the potential for online scams, rumors and fake news is enormous.
Researchers from the company Check Point have now discovered a vulnerability in WhatsApp that responds to this. This allows someone (read cyber criminals) to intercept and manipulate messages sent by individuals in a group or private conversation.
This allows attackers not only to send potential evidence to their advantage, but also to create and distribute misleading information. The vulnerability allows the attacker to:
- Use the ‘quote’ function in a group conversation to change the identity of the sender, even if that person is not a member of the group.
- Changing the text of someone else’s answer to words in someone’s mouth.
- Send a private message to another group participant that is disguised as a public message for everyone. When the targeted individual responds, it is visible to everyone in the conversation.