WhatsApp Flaw Lets Users Modify Group Chats to Spread Fake News
WhatsApp, the most popular messaging application in the world, has been found vulnerable to multiple security vulnerabilities that could allow malicious users to intercept and modify the content of messages sent in both private as well as group conversations.
Discovered by security researchers at Israeli security firm Check Point, the flaws take advantage of a loophole in WhatsApp’s security protocols to change the content of the messages, allowing malicious users to create and spread misinformation or fake news from “what appear to be trusted sources.”
The flaws reside in the way WhatsApp mobile application connects with the WhatsApp Web and decrypts end-to-end encrypted messages using the protobuf2 protocol.
The vulnerabilities could allow hackers to misuse the ‘quote’ feature in a WhatsApp group conversation to change the identity of the sender, or alter the content of someone else’s reply to a group chat, or even send private messages to one of the group participants (but invisible to other members) disguised as a group message for all.
In an example, the researchers were able to change a WhatsApp chat entry that said “Great!”—sent by one member of a group—to read “I’m going to die, in a hospital right now!”
It should be noted that the reported vulnerabilities do not allow a third person to intercept or modify end-to-end encrypted WhatsApp messages, but instead, the flaws could be exploited only by malicious users who are already part of group conversations.
Source | thehackernews