January 13, 2022
WhatsApp message vulnerability

Researchers Uncover a WhatsApp Message Vulnerability

A WhatsApp message vulnerability for hackers to exploit has now been found by security researchers at Check Point Software Technologies…

Security experts at Check Point have discovered it’s possible for hackers to alter the content and sender’s name of a WhatsApp message. This includes the ability to change quoted messages and other possibilities.

WhatsApp Message Vulnerability Discovered by Researchers

Although the opportunity does exist, it’s necessary for a hacker to be a part of a conversation to exploit the vulnerability. Which means a potential hacker would need to be part of a group chat. Therefore, it appears group chats are the ones at-risk.

WhatsApp states it wasn’t aware of the technique. However, WhatsApp features end-to-end encryption, which does provide security to individual conversations. Here’s what the researchers found, quoted directly:

  1. Changing a reply from someone to put words into their mouth that they did not say.
  2. Quoting a message in a reply to a group conversation to make it appear as if it came from a person who is not even part of the group.
  3. Sending a message to a member of a group that pretends to be a group message but is in fact only sent to this member. However, the member’s response will be sent to the entire group.

Spokesperson Carl Woog said, “We carefully reviewed this issue and it’s the equivalent of altering an email.” Below are examples of the vulnerability being compromised:

WhatsApp message vulnerability screenshot
Credit: Check Point