A cybersecurity firm has discovered a flaw in WhatsApp that allows hackers to intercept and manipulate messages — potentially changing the identity of a message sender or altering their text.
Attackers could literally “put words in [someone’s] mouth,” Israeli firm Check Point Research said in a press release on Wednesday. It added that this gives the attacker the power to “create and spread misinformation from what appear to be trusted sources.”
Check Point reversed WhatsApp’s encryption algorithm and decrypted the data. Once it did so, it was able to see all the parameters that are sent between the web and mobile version of WhatsApp and manipulate this data.
So, for example, if it wanted to change your message, it captures the outgoing message from WhatsApp, decrypts the data, changes it to whatever it wants it to say, and then encrypts it back.