Various WhatsApp vulnerabilities have been found by cyber security firm Check Point Research, exposing the app's 1.5 billion users to cyber hackers who could potentially alter their messages.
A cyber security researcher has uncovered WhatsApp vulnerabilities after digging through the instant messaging service’s code – putting its 1.5 billion users at risk.
By reversing its encryption data, Check Point Research found it was possible for hackers to intercept and manipulate the 65 million messages sent in more than one billion private and group conversations every day.
The company said: “This gives cyber attackers immense power to create and spread misinformation from what appear to be trusted sources.
“Following the process of responsible disclosure, Check Point Research informed WhatsApp of our findings.
“From Check Point Research’s view, we believe these vulnerabilities to be of the utmost importance and require attention.”
Explaining the WhatsApp vulnerabilities
WhatsApp encrypts every message, picture, call, video or any other type of content its users send so that only the recipient can see it, excluding all other parties – including the company itself.
However, by reversing the messaging service’s encryption algorithm, Check Point Research was able to view the security parameters sent between the mobile version of WhatsApp and the web version.
This allowed it to manipulate those parameters and begin digging for security issues, which allow cyber hackers to:
1. Use the “quote” feature in a group conversation to change the identity of the sender even if that person is not a member of the group.
2. Alter the text of someone else’s reply, essentially putting words in their mouth.
3. Send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it’s visible to everyone in the conversation.
In one of the examples provided by Check Point Research, the company highlighted how it was able to change the content of a WhatsApp user’s message to something else entirely.
User Dikla Checkpoint’s original message read “Great”, but was changed to “I’m going to die, in a hospital right now.”
What Check Point Research says about the WhatsApp vulnerabilities
Check Point Research product weakness division head Oded Vanunu said: “WhatsApp’s huge popularity among consumers, businesses, and governments makes it a preferred destination for attackers who see it as a tremendous opportunity to create a ruse.
“As one of the world’s leading communication channels, courts around the world have already recognised correspondence in it as evidence admissible in court, and weaknesses that allow direct correspondence are potentially extremely damaging for dissemination of disinformation (fake news).
“We believe it is of paramount importance to address such weaknesses in an application that’s so well identified and affects communication between more than a billion people worldwide.
“Otherwise, attackers can take advantage of them and have real impact on unmediated communication occurring in more than a billion conversation groups.”
Compelo has contacted WhatsApp for a response.