A WhatsApp security vulnerability could allow someone to intercept or manipulate your personal messages to make it look like you said something you didn’t.
“ 1. Use the ‘quote’ feature in a group conversation to change the identity of the sender, even if that person is not a member of the group.
2. Alter the text of someone else’s reply, essentially putting words in their mouth.
3. Send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it is visible to everyone in the conversation.”
Check Point said that after alerting WhatsApp to the issues, the app fixed the third vulnerability, but the other potential problems that could lead to online scams and fake news still remain.
WhatsApp is a messaging app that provides end-to-end encryption, free internet-based international calling, and cross-platform compatibility. Check Point says that because the app encrypts messages, videos, calls, photos and more, the vulnerabilities it found will persist.
WhatsApp says the issues that Check Point describes as “of the utmost importance and require attention” are not an actual vulnerability.
“We carefully reviewed this issue a year ago, and it is false to suggest there is a vulnerability with the security we provide on WhatsApp,” a Facebook spokesperson told Forbes. “The scenario described here is merely the mobile equivalent of altering replies in an email thread to make it look like something a person didn’t write. We need to be mindful that addressing concerns raised by these researchers could make WhatsApp less private, such as storing information about the origin of messages.”
In May, another WhatsApp security flaw was found that enabled surveillance software to be placed on a user’s phone using the app’s call feature. WhatsApp fixed the vulnerability and advised users to update their app to the latest version.
Digital Trends reached out to WhatsApp to comment on the recent security vulnerabilities and to see if the remaining issues will be fixed, and this story will be updated upon a response.