Vulnerabilities in WhatsApp can allow attackers to intercept and manipulate user messages

• Apparently, these security issues were revealed to WhatsApp last year.
• The three possible attack modes leverage social engineering tricks to fool users and to spread false information to different WhatsApp groups.

Researchers from Israeli security company Check Point have identified three attack modes in WhatsApp which can be exploited to intercept and manipulate users’ messages.

Apparently, these security issues were revealed to WhatsApp last year. However, they remain exploitable even after one year.

What are the security issues?

The three possible attack modes leverage social engineering tricks to fool users and to spread false information to different WhatsApp groups.

These security issues could have various consequences such as:

• The attackers can disguise a private message as a public message and send it to a participant of a group. This causes the ‘private’ response from the targeted individual to be visible to everyone in the conversation.
• The attackers can use the ‘quote’ function of a group conversation to change the identity of the message sender, who is not even a member of the group.
• The attacker can alter someone’s reply or message and add bogus data into it.

How did WhatsApp respond?

WhatsApp has only fixed the first issue. It is believed that threat actors can leverage the other two flaws to spread online scams, rumors, and fake news.

The bottom line

Stuart Peck, director of the cybersecurity strategy at ZeroDayLab, claims that WhatsApp flaws pose a serious security issue given that it still hasn’t been addressed. He further added that "the integrity of messages received from trusted sources is vital if users are going to trust encrypted messaging services like WhatsApp."