Cybersecurity firm Check Point Software Technologies Ltd. identified a security flaw in the WhatsApp messaging app. The vulnerability allows hackers to alter messages sent and received by users.
Previously, the Israeli cybersecurity firm relayed three ways to change messages, as reported by Bloomberg. One of these ways includes using the quoting feature within a group setting and by changing the sender’s appearance. Another way allows hackers to completely alter the text relayed by the sender.
Dikla Barda, Oded Vanunu, and Roman Zaikin worked as the main researchers assigned to the case. All three disclosed the vulnerabilities and implications at the recent Black Hat conference held in Las Vegas, Nevada.
The third way, albeit fixed, allowed the sender to direct a message to another group participant. Once the recipient responds, the reply remains visible to the whole group chat, notes Bloomberg.
Check Point immediately alerted WhatsApp in 2018. Despite early warnings, the cybersecurity company found out the flaws remain unsecured months after the incident. Substantial consequences could affect around 1.5 billion users of the mobile application.
Facebook believes that vulnerabilities stemmed from the system’s structure and architecture, as reported by ZD Net.
In response, the WhatsApp team said they “reviewed this issue a year ago.” Furthermore, a spokesperson for Facebook Inc. relayed it’s “false to suggest there is a vulnerability with the security we provide.” According to the company, the researchers magnified the issue to make the incident appear “like something a person didn’t write.”
To fully address the numerous security concerns, Check Point head, Oded Vanunu, works closely with WhatsApp. However, the messaging app’s encryption makes it challenging for both firms to provide a solution for the flaws, reports Bloomberg.
WhatsApp messaging app used by billions of people around the globe for personal and business transactions. As such, researchers believe that the vulnerabilities pose huge implications to users, particularly with their privacy. This also brings to light issues that might impact identity theft and fraud.
Besides these concerns, security flaws also open avenues for further exploitation. These repercussions include spreading fake news and propaganda materials. Last June 2019, ZD Net reveals that the messaging platform already went under fire for links to fake news circulation.
Without proper patches or answers from Facebook or WhatsApp, cybersecurity expert Stuart Peck urges users to switch to another platform. For Peck, Signal is a worthy contender due to its encrypted messaging service, states Forbes.