“According to sources, WhatsApp, the Facebook-owned messaging application has over 1.5 billion users in over 180 countries,” authors of Check Point’s research paper Dikla Barda, Roman Zaikin and Oded Vanunu told ET.
The firm disclosed WhatsApp vulnerabilities at Black Hat, a cyber-security conference in Las Vegas on August 7.
The authors said the vulnerabilities give attackers the power to create and spread misinformation from what appear to be trusted sources and that the firm notified WhatsApp about them towards the end of 2018. The team observed three possible ways of attackers exploiting the vulnerability all of which involve social engineering tactics to fool end-users.
A threat actor may use the ‘quote’ feature in a group conversation to change the identity of the sender, even if that person is not a member of the group, alter the text of someone else’s reply, essentially putting words in their mouth or send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it is visible to everyone in the conversation.
Discover the stories of your interest
“WhatsApp fixed the third vulnerability which enabled threat actors to send a private message to another group participant disguised as a public message for all. But, we found that it is still possible to manipulate quoted messages and spread misinformation from what appear to be trusted sources. We believe these vulnerabilities to be of the utmost importance and require attention,” the authors said.