An Israel based cybersecurity firm Check Point, claims that they have unearthed a flaw in WhatsApp that could be used to intercept and alter messages sent in group conversations as well as private chats.
Researchers believe that scammers would be able to alter the text message by changing a “quote” a feature to look like that someone has sent a message they did not actually send.
“By decrypting the WhatsApp communication, we were able to see all the parameters that are actually sent between the mobile version of WhatsApp and the Web version. This allowed us to then be able to manipulate them and start looking for security issues,” the blog post reads.
According to Check Point researchers, there are three ways through which users messages could be altered:
- Changing a reply from someone to put words into their mouth that they did not say.
- Quoting a message in a reply to a group conversation to make it appear as if it came from a person who is not even part of the group.
- Sending a message to a member of a group that pretends to be a group message but is in fact only sent to this member. However, the member’s response will be sent to the entire group.
Meanwhile, the firm has informed WhatsApp about the severity of the flaw and advised them to fix as soon as possible.
The Facebook-owned WhatsApp has admitted about an alteration of the messages using “quote” feature but denied that it is a flaw. Spokesperson of Whatsapp Carl Woog said, “We carefully reviewed this issue and it’s the equivalent of altering an email.”