You just met a WhatsApp security bug which enables manipulate our messages, so that a malicious user could modify the conversations and give us texts that we have not written.
According to Checkpoint Research, this fault is found in the communication between the WhatsApp Web platform and the smartphone, and that allows to modify the messages that we send using the function of "appointments" (or "answers").
Although the WhatsApp messaging service is responsible for encrypting all the messages we send and receive so that such a failure does not occur, through a decryption tool messages can be manipulated, as the discoverers of vulnerability have shown.
The problem, as we mentioned, is in WhatsApp Web, exactly when accessing the platform we scan the QR code with our device.
Before scanning it, upon entering the "inspect browser" option, the code of the elements we see on the website appears.
Just at the moment, when the mobile scans the code that appears on the computer screen, a communication is made between both It is possible to intercept.
This happens because it is used in an insecure communication protocol called "Websocket" Between the WhatsApp app on the phone and the WhatsApp Web page.
This is how the algorithm used by the WhatsApp application and our computer is obtained at that time, with which we can send messages.
Through a program that is responsible for violating the algorithm, it is possible modify the content and thus manipulate the text of the messages, showing that we have written things that, in reality, come from a third party.
By copying the code that uses a message and entering it in the experimental program that knows how to decrypt it, it becomes possible to change messages sent by the other person.
Logically we will see that our message is correct, but the rest of the components of a WhatsApp group can be deceived.
This security breach has been detected when talking about a group and replying to a message, and also when forward it to a third person so that the latter is the victim.
Now Whatsapp has to work on solving the failure that makes it possible to manipulate messages, although we must not be in a hurry, because problems such as the error of the SS7 protocol that allows spying on our mobile phone take many months without a clear answer.
What do you think about this type of security flaw? Do you think it will be fixed quickly?