WhatsApp vulnerability allowed hackers to manipulate messages, sender identity

WhatsApp was found to be infected with a vulnerability that allowed hackers to manipulate messages as well as the sender’s identity. The vulnerability was spotted by Check Point research, who revealed that the loophole could have allowed hackers to spread misinformation and make it appear like the message is coming from an authentic source. Reportedly, researchers found three attack modes that put WhatsApp users at risk. The exploit apparently used the “quote” feature in a group chat to change the content of the message and the identity of the sender, regardless of whether the member is a part of the group or not. [caption id=“attachment_6845991” align=“alignnone” width=“1024”]  Image: REUTERS[/caption] The vulnerability allowed hackers to change the content of the message in the quoted text. Researchers said that while the original message remained the same, the quoted message will easily be fooled. (Also read:  WhatsApp is reportedly working on a new Instagram-like boomerang feature ) The third attack mode also allowed hackers to send a private message to a contact in the group but when the recipient replies the whole group sees it. The video below was shared by the researchers to show how the attack works:

The vulnerability also allowed the researchers to decrypt a message, which is supposed to be protected by WhatsApp’s end-to-end encryption model. As per the company, WhatsApp’s end-to-end encryption allows only a sender and recipient of a message to read a text, and not even the company is able to access these messages. But this vulnerability causes a loophole in this encryption model. As of now, there are no reports of any hacker misusing this vulnerability. Researchers say that they have informed WhatsApp about the same.