WhatsApp users beware! New bug allows hackers to send fake messages pretending to be you – and there’s nothing you can do to stop them
- Flaw allows hackers to send texts impersonating another WhatsApp user
- It could be used to spread fake news and other misinformation, experts warned
- WhatsApp said it was aware of the flaw, but had no plans to fix the issue
A newly-discovered WhatsApp bug allows hackers to infiltrate and message your group chats and private conversations.
If combined with other existing glitches, the vulnerability could allow cyber criminals to impersonate you and send fake messages to your friends and family, security experts have warned.
Researchers who unearthed the bug believe it is of the ‘utmost importance’ WhatsApp fixes the problem – as it could be used to quickly spread misinformation.
The Facebook-owned company says it is aware of the flaw but has no plans to patch the problem as the exploited vulnerability forms a core part of the app’s design.
A new WhatsApp bug allows hackers to infiltrate your group chats and private messages. The flaw means attackers can send (left) and quote (right) messages on behalf of someone else
First discovered by Israeli cybersecurity group CheckPoint Research, the flaw is incredibly complex and involves a gap within the app’s encryption algorithms.
Writing on their website, the team said the vulnerability could make it possible for a hacker ‘to intercept and manipulate messages sent by those in a group or private conversation’ as well as ‘create and spread misinformation’.
Hackers could use the bug to alter the text sent in someone else’s reply to a group chat, essentially ‘putting words in their mouth’, the group said.
WhatsApp’s ‘quote’ feature can also be used to change the identity of the sender, to make it appear as if it came from a person who is not even part of the group.
By doing this, it would be possible to incriminate a person or close a fraudulent deal, for example.
Finally, cyber criminals could send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it’s visible to everyone in the conversation, CheckPoint said.
A team of Israeli researchers has uncovered a vulnerability in WhatsApp that lets hackers infiltrate group chats and private messages.
They say that a sufficiently motivated hacker can:
1) Alter the text of someone else’s reply to a group chat, essentially putting words in their mouth.
2) Use the ‘quote’ feature in a group conversation to change the identity of the sender, to make it appear as if it came from a person who is not even part of the group.
3) By doing this, it would be possible to incriminate a person or close a fraudulent deal, for example.
4) Send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it’s visible to everyone in the conversation.
The vulnerability is incredibly complex, and involves a loophole in the way WhatsApp’s web and mobile versions communicate.
CheckPoint found hackers can insert themselves into the code between the two to retrieve and send fake messages from within the service.
WhatsApp said it currently has no plans to fix the vulnerability as it forms a core part of the ‘design framework’ of the app.
The firm assured users the loophole does not affect its end-to-end encryption – the system that ensures only the users in a conversation can read its messages.
‘We carefully reviewed this issue and it’s the equivalent of altering an e-mail to make it look like something a person never wrote,’ a WhatsApp spokesperson said.
The Facebook-owned company says it is aware of the flaw but has no plans to fix it as the vulnerability forms a core part of the messaging app’s design (stock image)
‘This claim has nothing to do with the security of end-to-end encryption, which ensures only the sender and recipient can read messages sent on WhatsApp.’
The report of the flaw comes as the Facebook-owned company faces increasing scrutiny over the use of its popular service as a tool to spread fake news.
WhatsApp is a convenient platform through which to forward messages to large groups of people.
Last month, the app announced limits of forwarding messages following pressure from the Indian government over a spate of recent lynchings
More than 20 people have been butchered in the last three months by crazed mobs after being accused of child kidnapping and other crimes in viral messages circulated wildly on WhatsApp. Daily Mail