WhatsApp is reportedly yet to address a number of critical security flaws that have been linked to dozens of lynchings in India over the past couple of years. According to Israeli cyber-security firm, Check Point, the company has failed to address the issues in spite of being alerted to the problem last year.
In a report presented Wednesday at the annual Black Hat security conference in Las Vegas, the researchers said that the vulnerabilities enable threat actors to intercept and manipulate messages to create and spread misinformation.
As per the report, the vulnerability could be exploited in three ways, all of which involve social engineering tactics to fool end-users. First, a bad actor could use the ‘Quote’ feature in a group conversation to change the identity of the sender, even if that person is not a member of the group. Second, he/she could alter the text of someone else’s reply, essentially putting words in their mouth.
The Facebook-owned company, however, is said to have fixed a third vulnerability, which allowed private messages to be sent to a group participant disguised as a public message. However, it is still possible to manipulate quoted messages and spread misinformation from what appear to be trusted sources, said the report.
Facebook, however, is pushing back at suggestions that the company didn’t take any safeguards against the spread of misinformation. In a statement to IANS, a Facebook spokesperson said it reviewed the issue a year ago and found that it was “false to suggest there is a vulnerability with the security we provide on WhatsApp”.
“The scenario described here is merely the mobile equivalent of altering replies in an email thread to make it look like something a person didn’t write. We need to be mindful that addressing concerns raised by these researchers could make WhatsApp less private – such as storing information about the origin of messages”, the spokesperson said.
With inputs from IANS
