Facebook’s WhatsApp chat app is one of the most popular messaging applications out there. It’s available on virtually any platform, making possible encrypted chats and voice communication across devices.
Unlike Facebook’s Messenger, which has plenty of users of its own, WhatsApp is end-to-end encrypted, just like Apple’s iMessage, which means your chats and calls are secure over WhatsApp.
But hackers did find a way to alter sent messages in conversations, a flaw that WhatsApp isn’t going to fix. You shouldn’t worry about it because it might not do any harm.
Check Point Software Technologies discovered that, by creating a hacked version of WhatsApp, attackers could change the quoting feature. That’s a way to reply to distinct messages, with the reply including the original quote.
The purpose of this attack would be to give someone the impression that someone sent a message that wasn’t actually sent.
The company told The New York Times that it “carefully reviewed this issue and it’s the equivalent of altering an email.” WhatsApp says it’s not a flaw, and it won’t fix it.
WhatsApp also said it’s working on a way of finding and removing anyone using a fake WhatsApp app.
On the other hand, WhatsApp is currently dealing with a wave of criticism regarding the spread of fake news in markets including India and Brazil. But, as long as hackers aren’t abusing the quotation hack to spread misinformation, you shouldn’t worry about it.
Deploying a permanent fix would be possible, but burdensome to the system, which would have to check the authenticity of sent messages. Even worse, the only way to do it is to keep track of all conversations happening on WhatsApp on a server somewhere — and with more than 1.5 billion users, WhatsApp chats would generate a lot of data. Storage isn’t necessarily the problem. But copying all messages would mean disabling end-to-end encryption. That’s something we don’t want Facebook to do with WhatsApp.
So far, WhatsApp and Check Point did not see anyone abuse the quote hack.
Check Point also discovered a hack that would affect group chats. It’s possible sending a message to a specific individual who would think the entire group saw the news, and then respond accordingly would respond accordingly.