WhatsApp security loophole allows hackers to manipulate messages, spread fake news
BusinessToday.In August 9, 2018
Fake news has been plight of WhatsApp for some time now. So much so, that the instant messaging application had to introduce some radical checks in India, one of its biggest markets, to prevent the spread of fake news. From labelling forwarded messages to limiting message forwarding, the Facebook subsidiary has been trying a new host of features to put an end to misuse of the messaging platform. A recent revelation, however, has raised security concerns anew for WhatsApp.
An Israeli cybersecurity research firm, Check Point Research, discovered security loopholes in WhatsApp that can be exploited by hackers to "intercept and manipulate messages sent in both private and group conversations". In its report, the firm said that this security flaw can be used to propagate fake messages under the guise of what would appear to be a bona fide source.
WhatsApp provides end-to-end encryption for both private and group conversations so that they cannot be read or manipulated by any third party, even WhatsApp. The ability to surpass these safeguards could lead to severe breach of privacy, and even unchecked spread of fake news.
As per the Check Point Research report, the one of the methods to exploit these vulnerabilities in WhatsApp could be to use the 'quote' feature in a group conversation to change the identity of the sender, even if that person is not a member of the group. Hackers can also alter the text of someone else's reply, essentially putting words in their mouth, or send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it's visible to everyone in the conversation, the report added.
Check Point Research said that it has informed WhatsApp about the shortcomings in its security framework under the process of Responsible Disclosure.
In response to these security concerns, WhatsApp was quoted as saying in a NDTV report, "We carefully reviewed this issue and it's the equivalent of altering an email to make it look like something a person never wrote."
The messaging application, however, added, "This claim has nothing to do with the security of end-to-end encryption, which ensures only the sender and recipient can read messages sent on WhatsApp."
Edited by Vivek Punj