[Aug 10, 2018]
Researchers at Check Point Software Technologies say they have discovered a dangerous weakness in the WhatsApp messaging app that gives threat actors a way to manipulate content in private and group conversations on the platform without raising any red flags.
Problem lies in WhatsApp’s validation of message parameters and cannot be currently mitigated, Check Point researchers say.
The security vendor this week published a report demonstrating how an adversary could exploit the issue to change the identity of a message sender, alter the text of message replies, and send private messages spoofed as a public message to individual participants in a group.
In a statement, a spokeswoman for the Facebook-owned WhatsApp said “This claim has nothing to do with the security of end-to-end encryption, which ensures only the sender and recipient can read messages sent on WhatsApp.”