Researchers find flaw in WhatsApp; ‘private, group messages can be manipulated’

WhatsApp spokesperson Carl Woog, in a statement to The New York Times acknowledged that though the "quote" feature can be manipulated, it was not a flaw.

By: Tech Desk | New Delhi | Published: August 10, 2018 10:44:12 am

WhatsApp, WhatsApp flaw, WhatsApp manipulation, WhatsApp message manipulation, WhatsApp vulnerability, WhatsApp update, WhatsApp new features, WhatsApp features WhatsApp spokesperson Carl Woog, in a statement to The New York Times acknowledged that though the “quote” feature can be manipulated, it was not a flaw.

Researchers at Israeli security firm Check Point Research claimed that they have found flaws in WhatsApp that ‘could allow threat actors to intercept and manipulate messages sent in both private and group conversations’. Thanks to Burp Suit Extension and three manipulation methods, researchers were able to exploit vulnerability in the messaging app. They started by decrypting the WhatsApp communication by reversing its algorithm, which helped them get the Burp Suit Extension.

The security firm put out a blog post explaining how they were able to manipulate private and group messages. The researchers could alter the text of someone else’s reply, send private message to another group participant who is not visible to other participants in a group, and use WhatsApp’s “quote” feature in group conversation to change identity of the sender irrespective of whether that person is a member of the group or not.

Do note that in the method where the hacker can send private messages to a person in a group, the message will be visible to every member of the group as soon as the person replies to it using the “quote” feature. “By decrypting the WhatsApp communication, we were able to see all the parameters that are actually sent between the mobile version of WhatsApp and the Web version. This allowed us to then be able to manipulate them and start looking for security issues,” the blog post reads.

Also read: WhatsApp officially rolls out forwarded message limit for India users: Here’s what it means

WhatsApp spokesperson Carl Woog, in a statement to The New York Times acknowledged that though the quote feature can be manipulated, it was not a flaw. Woog insists the vulnerability has nothing to do with the security of WhatsApp’s end-to-end encryption, which was rolled out globally in 2016 and ensures that messages are read by only the sender and the recipient.

Earlier, WhatsApp officially rolled out forwarded message limit to five chats for India users. The move aims to curb the spread of misinformation on its platform. WhatsApp is facing scrutiny in India, after reports that viral video messages shared on the app resulted in lynchings, mob violence in some parts of the country.

For all the latest Technology News, download Indian Express App

Advertisement
Advertisement
Advertisement
Advertisement