A new vulnerability in WhatsApp could allow attackers to intercept and manipulate both private and group messages. The flaw could give immense power to attackers to spread rumors and fake news.
In the first half of 2018, Facebook-owned Whatsapp had put a restriction on forwarded messages to stem the rapid flow of fake news, rumors and online scams.
Check Point researchers, who discovered the WhatsApp vulnerability, observed three possible social engineering tactics that could be used to exploit the bug. The first method involved the use of the ‘quote’ feature in a group conversation to change the identity of the sender, even when that person is a part of the group.
The second tactic included manipulating someone else’s reply and the third involved sending a private message to a targeted individual in the group, such that when the individual responds, it will be visible to everyone in the conversation.
"Given WhatsApp’s prevalence among consumers, businesses, and government agencies, it’s no surprise that hackers see the application as a five-star opportunity for potential scams," Oded Vanunu, Check Point’s Head of Product Vulnerability Research said, Bleeping Computer reported.
“As one of the main communication channels available today, WhatsApp is used for sensitive conversations ranging from confidential corporate and government information to criminal intelligence that could be used in a court of law,” said Vanunu, BleepingComputer reported.
It is still unknown whether attackers have already exploited the WhatsApp bug.
Publisher