According to Check Point Research, WhatsApp has a critical security flaw that’d allow hackers to fake messages from you. There are, as per Check Point Research, two ways that a hacker would follow in order to exploit the vulnerability.
The hacker can either
- Use the “quote” feature in a group conversation to change the identity of the sender, even if that person is not a member of the group.
- Alter the text of someone else’s reply, essentially putting words in their mouth.
In other words, the hacker may change what you just wrote appear like it’s written by someone else. Also, hackers are also free to edit what you just wrote, but only when anyone quote your message in the chat. However, the original text remains the same.
What is more worrying is that Facebook said that it isn’t practical to fix the WhatsApp security flaw. And as Ben Lovejoy from 9to5Mac stated:
The problem is that WhatsApp uses end-to-end encryption. The vulnerability relies on the fact that a participant in the group can, of course, access the decrypted version of the messages. However, Facebook cannot, so says it is unable to intervene in this kind of within-chat attack.
Unfortunately, there are no safety measures available at this moment, but WhatsApp users are suggested no to become a part of a WhatsApp group that has too many members as it will make you more vulnerable to this attack.
Below is a video of how the attack works.