WhatsApp has grown to become the most preferred app for communication on smartphones and it has more than a billion users on its platform. With such a massive user base, even the smallest flaw could set a huge implication. In one such instance, an Israeli cybersecurity firm found a dangerous flaw that could potentially allow hackers to spread fake news and misinformation.
WhatsApp is fighting hard to keep fake news on its platform at bay. The Facebook-owned social networking app has already instated several measures to prevent means of spreading misinformation, for which it has come under extreme scrutiny. But the latest revelation by Check Point Research puts WhatsApp on a tough spot again.
According to the Check Point researchers, a flaw in WhatsApp could allow hackers to intercept and manipulate messages sent either privately or in a group. The recipient will only see it as a message coming from a known sender without suspecting any third-party influence or alteration. This gives a dangerous amount of power to hackers as WhatsApp users share more than 65 billion messages a day.
As per the research notes, hackers could exploit the newly-discovered vulnerability in three ways:
- Use the 'quote' feature in a group conversation to change the identity of the sender, even if that person is not a member of the group.
- Alter the text of someone else's reply, essentially putting words in their mouth.
- Send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it's visible to everyone in the conversation.
These observations based on the research done by Check Point Research shows just how much control hackers gain in the process of exploiting WhatsApp's vulnerability. To put things in better perspective, here's a video below to understand how victims could be in a soup if hackers intend to manipulate messages.
Challenging WhatsApp's end-to-end encryption
Even though the flaw challenges WhatsApp's lauded end-to-end encryption for all the messages shared on the platform, which mean only the sender and the recipient can read the messages, the company shared a statement reaffirming its users that there's nothing to be worried about.
"We carefully reviewed this issue and it's the equivalent of altering an email to make it look like something a person never wrote. This claim has nothing to do with the security of end-to-end encryption, which ensures only the sender and recipient can read messages sent on WhatsApp," the company said in a statement.
WhatsApp came under fire after more than 20 people were butchered based on suspicion of child kidnapping and other crimes as a result of viral messages that were circulated on the platform. After the Indian government intervened, WhatsApp rolled out a feature that would limit the number of forwards a user can make at a time.
Besides this, WhatsApp had also rolled out a feature to label forwarded messages in a bid to curb the spread of fake news and misinformation.