Digital platforms, whether due to an error in their code or the ability of hackers, are vulnerable to cyber attacks, making the security of their users compromised.
Social network applications are no stranger to these attacks. An Israeli electronic security company called Check Point Research reversed the WhastApp encryption algorithm and discovered new vulnerabilities in this Facebook-owned messaging service. These small security gaps could allow hackers to intercept and manipulate messages sent in private and group conversations, which would put the privacy of more than 1.5 billion users at risk.
The ability to manipulate the content of the text messages of any WhatsApp user would give the attackers immense power to create and disseminate erroneous information or fake news, as they would make it appear that the information comes from reliable sources.
The Check Point Research team observed three possible attack methods that can take advantage of that weakness. Each of them involves great social engineering tactics to deceive users.
The first endangers the groups. It consists of changing the identity of the sender of a message, even if the person is not in the chat. The second method involves modifying the response text of a person, having the possibility of completely changing the message.
The third method is to send a public message to a recipient but disguised as a private message. Thus, when responsible, your message will be visible to all participants in the conversation.
Check Point Research states that it has already informed Facebook of its findings since they consider these vulnerabilities to be of utmost importance and deserve immediate attention.
In addition, WhatsApp was notified of this at the end of 2018, but the company has only been able to solve one of the problems.
In a statement sent to Business Insider a Facebook representative said:
We reviewed this problem carefully a year ago and it is false to suggest that there is a vulnerability to the security we provide in WhatsApp. The scenario described here is simply the mobile equivalent of altering the responses in an email thread to look like something a person did not write. We must bear in mind that addressing the concerns raised by these researchers could make WhatsApp less private, such as storing information about the origin of the messages
So far, no problem related to this issue has been reported, but Check Point Research ensures that it will continue monitoring to ensure people’s privacy.