Spreading fake news through WhatsApp was never so easy before.
According to the latest research from Check Point security firm, WhatsApp users are at the risk of getting their private chats and group conversations hacked and exploited. Researchers discovered a new wave of attacks that allow cybercriminals to penetrate your messages on WhatsApp.
This penetration is facilitated by “design framework” flaws in the famous messaging app. The attacker not only can intercept but also exploit messages whether in a private or group chat. This way, attackers can fulfill all sorts of malicious objectives such as diverting evidence in their favor or spreading misinformation.
Check Point’s researchers suggest that attackers can use the vulnerability for the following types of attacks:
- Make changes to someone’s replies by adding words that they haven’t typed
- Quoting someone’s message in a group chat who isn’t a part of that group on WhatsApp
- Sending out a message to a group member pretending to be a group message but sent to that person only
Basically, the flaw lets attackers and scammers post anything on your behalf in a private and/or group chat. This may allow them to send fake messages from your side to your contacts and spread misleading news/information.
A Spoofed Reply Message (Image credit: CheckPoint)
According to CheckPoint’s blog post, the vulnerabilities between the mobile and web versions of WhatsApp are responsible for allowing infiltration of your private messages on the app. Users need to sync the web version with their mobile version installed on the device in order to send a message via desktop. By exploiting the flaws present in the syncing mechanism of both versions, an attacker can easily infiltrate the app’s encrypted traffic.
Check Point has informed WhatsApp about the issue and the company admitted that the flaws are indeed present in their mechanism. WhatsApp explained that the flaws seem to be part of the design framework of the platform but they are investigating the issue further.
(Image credit: CheckPoint)
Check Point researchers believe that the flaws are critical and need immediate fixing:
“We believe these vulnerabilities to be of the utmost importance and require attention.”
That’s because attackers can easily spread the fake news that may get uploaded on Facebook too. There will be dire consequences if that happens. Recently we have witnessed various incidents where fake news distributed on social media and messaging app led to serious real-life outcomes. Misinformation distributed via the app in India resulted in a series of lynchings. Online rumors led to the death of 12 Indians in May and the sole cause has been WhatsApp’s exploitation by cybercriminals.
The Head of Product Vulnerability Research at Check Point, Oded Vanunu, stated:
“Given WhatsApp’s prevalence among consumers, businesses, and government agencies, it’s no surprise that hackers see the application as a five-star opportunity for potential scams. As one of the main communication channels available today, WhatsApp is used for sensitive conversations ranging from confidential corporate and government information to criminal intelligence that could be used in a court of law.”
Watch how the vulnerability works
