August 08, 2019
Check Point Software Technologies, an Israeli company that provides security for computer networks, said its researchers found three potential ways to alter conversations. PHOTO: REUTERS
NEW YORK (Bloomberg) – A cybersecurity firm says it has identified flaws in the popular messaging app WhatsApp that could allow hackers to manipulate messages in both public and private conversations, raising the prospect of misinformation being spread by what appears to be trusted sources.
Check Point Software Technologies, an Israeli company that provides security for computer networks, said its researchers found three potential ways to alter conversations.
One uses the “quote” feature in a group conversation to change the appearance of the identity of a sender. Another lets a hacker change the text of someone else’s reply.
And the other, which has been fixed, would have let a person send a private message to another group participant disguised as a public message to all, so when the targeted individual responded, it was visible to everyone in the conversation.
A WhatsApp spokesman declined to comment.
The flaws could have significant consequences because WhatsApp has about 1.5 billion users, and is used for personal conversations, business communications and political messaging, said Mr Oded Vanunu, Check Point’s head of products vulnerability research.
Check Point said it alerted WhatsApp, which is owned by Facebook, about the flaws late last year. But the company said only one of the flaws – disguising a private message as one that becomes visible to an entire group – has been addressed.
Mr Vanunu said his company is working with WhatsApp, but the other problems were difficult to solve because of the messaging app’s encryption.