WhatsApp WARNING: Shock flaw could cause BIG chat app fights between you and your friends
WhatsApp fans are being warned after security experts revealed a flaw that could spark big bust-ups between you and your friends.
Stats revealed earlier this year showed WhatsApp has over 1.5 billion users, with over one billion chat app groups and 65 billion messages sent daily.
With such a vast number of communications being sent each and every day it’s unsurprising that scammers try to slip in fake messages to fool users.
Just recently Express.co.uk warned about a fake vouchers scam for Costa Coffee that tries to trick victims into handing over personal details.
But now a new scamming tactic has been discovered which targets what people value most – their friends and family.
Security experts at Check Point have revealed a flaw that has the potential to cause arguments amongst your nearest and dearest.
It enables scammers to intercept and manipulate messages sent in both private and group conversations.
Hackers can alter the text of a WhatsApp user’s reply – essentially putting words in their mouth.
Check Point in a video online outlined how this works in both private and group chats.
In the private chat demonstration one WhatsApp user is the attacker and the other is the victim.
The attacker is able to alter the contents of a victim’s sent message in a forwarded message, making it seem like they wrote something they didn’t.
In the group chat demonstration, where multiple people were involved in a conversation, the attacker intercepted one particular message.
They could then alter the contents of it in a forwarded message before other people in the chat saw it.
Depending on the contents of the faked message, this could result in huge arguments or panic over fake developments in a victim’s life.
In a post online, Check Point gave examples of how this flaw could be manipulated in different situations.
One potential attack the security firm outlined was ‘change the identity of a sender in a group chat, even if they are not a member of the group’.
Check Point explained: “In this attack, it is possible to spoof a reply message to impersonate another group member and even a non-existing group member.”
They added: “To impersonate someone from the group, all the attacker need do is catch the encrypted traffic.
“Once the traffic is captured, he can simply send it to an extension which will then decrypt the traffic.”
Check Point went on to explain how this could work in practice.
They said: “For example, we can change the conversation to something else.
“The message with the content ‘Great!’ sent by a member of a group, for instance, could be changed to something else like: ‘I’m going to die, in a hospital right now’ and the participant parameter could also be changed to someone else from the group.”
They added: “In order to make everyone see the new spoofed message the attacker needs to reply to the message he spoofed, quoting and changing that message (‘Great’) in order for it to be sent to everyone in the group.”
Check Point also outlined one potential attack where only one victim in a three member group chat (which included an attacker) was receiving faked messages.
But the other person in the chat wasn’t, causing confusion amongst the victims being targeted.
Check Point said this gives “attackers immense power to create and spread misinformation from what appear to be trusted sources”.
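The quoted-reply manipulation described above can be caught by a client that compares each incoming quote against its own copy of the conversation. The sketch below is an added example, not code from Check Point or WhatsApp; the message model, field names and sample data are hypothetical and are not WhatsApp's wire format.

```python
import unicodedata
from dataclasses import dataclass
from typing import Optional

# All field names here are hypothetical; they are not WhatsApp's wire format.
@dataclass(frozen=True)
class Quote:
    msg_id: str       # id of the message being quoted
    participant: str  # who the quote claims wrote it
    text: str         # what the quote claims was written

@dataclass(frozen=True)
class Message:
    msg_id: str
    chat_id: str
    sender: str
    text: str
    quote: Optional[Quote] = None

def _norm(s: str) -> str:
    return unicodedata.normalize("NFC", s).strip()

def check_quote(reply, history, members):
    """Compare a reply's quote with local history; [] means it matches."""
    q = reply.quote
    if q is None:
        return []
    findings = []
    if q.participant not in members.get(reply.chat_id, set()):
        findings.append("participant-not-in-group")
    original = history.get((reply.chat_id, q.msg_id))
    if original is None:
        # Not proof of spoofing (e.g. joined later), but cannot be verified.
        return findings + ["quoted-message-unknown"]
    if original.sender != q.participant:
        findings.append("participant-mismatch")
    if _norm(original.text) != _norm(q.text):
        findings.append("text-mismatch")
    return findings

# Constructed sample data.
MEMBERS = {"g1": {"alice", "bob", "mallory"}}
GREAT = Message("m1", "g1", "bob", "Great!")
HISTORY = {("g1", "m1"): GREAT}
HONEST = Message("m2", "g1", "alice", "Agreed", Quote("m1", "bob", "Great!"))
SPOOFED = Message("m3", "g1", "mallory", "What?!",
                  Quote("m1", "alice", "I'm going to die, in a hospital right now"))
OUTSIDER = Message("m4", "g1", "mallory", "Who is this?", Quote("m9", "zed", "Hello"))
```

A client could use a non-empty result to flag the quote as unverified rather than render it as the named person's words.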
Speaking to Express.co.uk, a WhatsApp spokesperson said that the Facebook-owned chat app bans accounts that attempt to make WhatsApp modifications.
They said: “We carefully reviewed this issue and it’s the equivalent of altering an email to make it look like something a person never wrote.
“This claim has nothing to do with the security of end-to-end encryption, which ensures only the sender and recipient can read messages sent on WhatsApp.
“We take the challenge of misinformation seriously and recently placed a limit on forwarding content, added a label to forwarded messages, and made a series of changes to group chats.
“We ban accounts that attempt to modify WhatsApp to engage in spammy behaviour and we are working with civil society in several countries to educate people about fake news and hoaxes.”