WhatsApp vulnerability allowed hackers to manipulate messages, sender identity

was found to be infected with a that  hackers to manipulate as well as the sender's identity.

The vulnerability was spotted by Check Point research, who revealed that the loophole could have allowed hackers to spread misinformation and make it appear like the message is coming from an authentic source.

Reportedly, researchers found three attack modes that put WhatsApp users at risk. The exploit apparently used the “quote” feature in a group chat to change the content of the message and the identity of the sender, regardless of whether the member is a part of the group or not.

WhatsApp vulnerability allowed hackers to manipulate messages, sender identity

The vulnerability allowed hackers to change the content of the message in the quoted text. Researchers said that while the original message remained the same, the quoted message will easily be fooled.

The third attack mode also allowed hackers to send a private message to a contact in the group but when the recipient replies the whole group sees it.

The video below was shared by the researchers to show how the attack works:

The vulnerability also allowed the researchers to decrypt a message, which is supposed to be protected by WhatsApp's end-to-end encryption model.

As per the company, WhatsApp's end-to-end encryption allows only a sender and recipient of a message to read a text, and not even the company is able to access these messages. But this vulnerability causes a loophole in this encryption model.

As of now, there are no reports of any hacker misusing this vulnerability. Researchers say that they have informed WhatsApp about the same.

You might also like

Comments are closed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More