Check Point Research, a cybersecurity company in Israel, found a flaw in WhatsApp that allows hackers to intercept and manipulate messages, changing the identity of a sender or altering the text of a message.
The firm reverse-engineered WhatsApp's encryption algorithm and decrypted the data. Once it had done so, it could see all the parameters that are sent between the web and mobile versions of the app and manipulate this data.
At the end of 2018, Check Point Research notified WhatsApp about new vulnerabilities in the popular messenger application that would allow threat actors to intercept and manipulate messages sent in private and group conversations, giving attackers the power to create and disseminate erroneous information from what appear to be reliable sources, the statement says.
WhatsApp has more than 1,500 million users and is used in 180 countries worldwide; the average user checks the app 23 times per day. The potential for online scams, rumors or fake news is therefore enormous.
Check Point Research's team found three possible methods of attack that exploit this WhatsApp vulnerability, all of which involve social engineering tactics to deceive end users.
These three possibilities are:
Use the "quote" function in a group conversation to change the identity of the sender, even if that person is not a member of the group.
Alter the text of another person's response, essentially putting words in their mouth.
Send a private message to another group participant that is disguised as a public message for everyone, so that when the target person responds, the response is visible to everyone in the conversation.
While Facebook took action on the matter and has fixed the issue that let a hacker send a private message to another group participant disguised as a public message, Check Point insists that the other two vulnerabilities remain unresolved.
"We believe it is our obligation to escalate this," said Oded Vanunu, chief of product vulnerability research at Check Point Research.