WhatsApp flaw 'puts words in your mouth'

WhatsApp flaw 'puts words in your mouth'
  • Clock-gray 12:22
  • calendar-gray 08 August 2019

Newly-released tool that exploits vulnerability in Facebook’s WhatsApp allows you to "put words in people’s mouths", researchers say, APA reports citing BBC.

A team from cybersecurity firm Checkpoint has demonstrated how the tool can be used to alter the text within quoted messages, making it look as if a person had said something they did not. Researcher Oded Vanunu told the BBC the tool made it possible for “malicious actors” to manipulate conversations on the platform. Facebook would not provide a comment on the issue.

The tool was demonstrated at Black Hat, a cyber-security conference in Las Vegas, as a follow up to a research paper published by Checkpoint last year.

“It’s a vulnerability that allows a malicious user to create fake news and create fraud. You can completely change what someone says. You can completely manipulate every character in the quote,” Vanunu explained.

The tool makes it possible to manipulate WhatsApp’s quoting feature to make it look like someone had written something they had not. The tool also allows an attacker to change how the sender of the message is identified, making it possible to attribute a comment to a different source.

A third issue highlighted by researchers has been successfully fixed by Facebook. That flaw could trick users into believing they were sending a private message to one person, when in fact their reply went to a more public group. But Vanunu said Facebook had told them the other issues could not be resolved due to “infrastructure limitations” on WhatsApp.


Other news