A security firm has uncovered a WhatsApp flaw that allows hackers to alter your messages. The flaw, according to Business Insider, could allow hackers intercept and manipulate messages. It could also allow them to change your identity or even alter your text or conversation with your contact.
Literarily, the loophole could let hackers “put words in people’s mouths;” which could be a serious threat as it is capable of spreading fake information. Check Point Research, an Israeli firm in a press release on Wednesday said the vulnerability gives the attacker the power to “create and spread misinformation from what appear to be trusted sources.”
The firm said it was able to discover this when it reversed WhatsApp’s encryption algorithm and decrypted the data. This exposed the app’s parameters that are sent between the web and mobile version of WhatsApp and manipulate the data.
For example, it wanted to change your message, all what is required is to capture the outgoing message from WhatsApp, decrypt the data, change it to whatever it wants it to say, and then encrypt it back.
WhatsApp is hugely popular across 180 countries of the world—and this makes it a regular target for scammers and those who derive pleasure in spreading fake news.
A couple of months ago, a WhatsApp vulnerability exposed the messaging app to attack from hackers. A vulnerability in the system gave access to hackers who invaded users’ phones without their consent.
WhatsApp owned by social networking giant Facebook later announced that it had discovered and fixed the vulnerability exploited by the hackers. The objective of the attackers was to implant malicious code on a victim’s phone by making a voice call to their targets on the messaging app. The recipient of such call does not even need to answer the call for the phone to be infected.
“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” a WhatsApp spokesperson said in a statement per CNN.
The Facebook-owned chat app encouraged users to seriously consider updating their version of app to the very latest in the respective stores—App Store, Play Store and the likes.
Two years ago, some users reportedly received a WhatsApp notification text message asking them to renew their subscription. The new scam notification, which was targeted at WhatsApp users, is asking them to pay 99p to continue using the service.
Some users fell victim of the text message warning them that their subscription to the service had “expired.” Of course, this was not true as WhatsApp no longer charge members for using its service. Users were therefore warned to ignore any link included in such messages, and install and run a virus scan on their device in case they had already clicked on the link.