Security firm Check Point Research has discovered a new glitch in the popular messaging app WhatsApp, which allows hackers to obstruct and manipulate messages sent in both private and group chat windows.
The new flaw could lead cybercriminals into creating and disseminating fake news, making users believe that it comes from trusted sources.
Methods to incorporate the flaw
The research suggests that WhatsApp’s new flaw can be exploited in three ways:
- With the use of the “Quote” feature in a group chat, which will change the identity of a user irrespective of their presence on the group
- Completely manipulating the context of the messages sent by someone as a reply
- Sending a private message to a person portrayed as a public message so that everyone in the group can see the sent message
As a reminder, Facebook-owned WhatsApp has already fixed the third method of exploitation. However, the first two vulnerabilities remain unsolved.
How Check Point Research Showcased The Flaw?
To make people aware of the flaw, Check Point Research used a tool to decrypt encrypted WhatsApp messages. This was done by reversing WhatsApp’s decryption algorithm data.
WhatsApp’s “protobuf2 protocol” was converted to JSON to find out how the messages could be manipulated.
The decryption process helped in manipulating the messages sent, the identity of the users on a group and manipulating a chat by sending modified messages on behalf of another user.
We hope WhatsApp will soon find a solution to the new flaw. We will let you know once WhatsApp comes up with an official word on the same.