What's Up with WhatsApp's Fake Messages?

Written by

Have you found yourself put off by a friend's comment or shocked by words Mom wrote in a group message on WhatsApp? WhatsApp users who have been questioning the content of comments from friends and family could be victims of a malicious actor, according to research released by Check Point.

According to a blog posted today, Check Point researchers discovered a vulnerability in WhatsApp that would allow an attacker to not only intercept messages but also manipulate them to put fake quotes into someone's digital mouth. Thus far, the researchers have found that there are three possible attack methods an attacker can use when exploiting the vulnerability. 

  1. Changing a reply from someone to put words into their mouth that they did not say.
  2. Quoting a message in a reply to a group conversation to make it appear as if the message came from a person who is not part of the group.
  3. Sending to a member of a group a message that looks to be a group message but is in fact only sent to this member. However, the member's response will be sent to the entire group.

The more than 1.5 billion WhatsApp users reportedly send over 65 billion messages per day. With more than 1 billion groups on the Facebook-owned application, there is a wealth of opportunity for attackers to have some fun scamming and scrambling people's exchanges.

Check Point researchers wrote that they followed the process of responsible disclosure to inform WhatsApp of the vulnerability they found. “Given WhatsApp’s prevalence among consumers, businesses, and government agencies, it’s no surprise that hackers see the application as a five-star opportunity for potential scams," said Oded Vanunu, head of products vulnerability research at Check Point.

"As one of the main communication channels available today, WhatsApp is used for sensitive conversations, ranging from confidential corporate and government information to criminal intelligence that could be used in a court of law.”

What’s hot on Infosecurity Magazine?