WhatsApp has been in the news for all the wrong reasons recently, thanks to multiple incidents of violence thanks to rumours that spread through fake news and incendiary messages on the app. While WhatsApp has been reprimanded by the government and some cyber experts, the company has been taking steps to ensure that such incidents are curbed.

But new security flaws discovered in WhatsApp could make the problem even worse, as it allows hackers to send fake messages, intercept legit messages exchanged in a conversation and modify their contents among other attacks.

Israel-based cybersecurity firm, Check Point Research, has discovered new vulnerabilities which allow hackers to manipulate texts and send fake messages in both private and group chats, and also exclude certain members of a WhatsApp group from receiving a message. This allows miscreants to create and spread fake information from what appears to be a trusted source with relative ease.

Image courtesy: Check Point Research

Check Point Research has revealed that the vulnerabilities can be exploited in three ways, which are listed below:

  1. Use WhatsApp’s ‘quote’ feature in group chats to change the identity of a message’s sender, even if the ‘perceived’ sender is not a member of that group. This loophole can be exploited to send hoax messages and spread fake news via a WhatsApp group, and the larger the number of members in a group, the greater is the impact.
  2. Modify the text of someone’s reply, so it looks like a genuine text from the sender.
  3. A hacker can also send a private message to a group member disguised as a public message. Later on, when the recipient replies to that message, it becomes visible to all members of the group.

Following the discovery of the vulnerabilities, Check Point Research reached out to WhatsApp and informed them of the flaws which could have grave repercussions if they are exploited.