Cybersecurity researchers from Check Point have unearthed a vulnerability in WhatsApp that could allow attackers to trick users by intercepting messages and editing the content. This opens up the possibility of scamming people and spreading misinformation.

According to Check Point, there are three methods that can be employed to fool WhatsApp users, outlined below:

  1. Changing a reply from someone to put words into their mouth that they did not say.
  2. Quoting a message in a reply to a group conversation to make it appear as if it came from a person who is not even part of the group.
  3. Sending a message to a member of a group that pretends to be a group message but is in fact only sent to this member. However, the member’s response will be sent to the entire group.

Fake quotes could deceive users. (Source: Check Point)

It's easy to see how these techniques could be used to dupe even relatively tech-savvy individuals, with scams being an immediate concern and the potential spread of fake news a more slow-burning problem. Check Point has contacted WhatsApp to inform it of the severity of this discovery and advised that a fix should be found sooner rather than later.

As reported by The New York Times, WhatsApp has admitted that the above scenarios are possible, but played down the issue. Spokesperson Carl Woog said, "We carefully reviewed this issue and it’s the equivalent of altering an email." The app's end-to-end encryption doesn't help in this instance, and Woog also said that verification of every single message would be too hard a task and possibly create further security implications.

WhatsApp has already been criticised for not doing enough to halt the spread of fake news and misinformation, particularly in India where a large portion of its 1.5 billion users reside. This latest news piles more pressure onto the Facebook-owned company — time will tell whether it will take measures to fix these issues.

Source: Check Point (1), (2), New York Times