A new WhatsApp vulnerability can be used to alter messages in chats

WhatsApp process over 60 billion messages sent every day by over 1 billion users. The instant message platform owned by Facebook has had many problems in the past including the spread of fake news and rumors. All these problems added up more and more restrictions to the famous chat platform, like the number of times a particular message could be forwarded.

Now an even worse vulnerability is used by hackers, who have figured out a way to manipulate conversations in order to modify existing replies that were received. This cyber attack is done by quoting a message which will appear as it came from another user who may not be part of the group and sending private messages that can be seen by only one person in a group but having their replies go to everyone in it.
In order to stay away from any threats like this, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running.

If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;
Because WhatsApp’s is very popular among consumers, businesses, and government agencies, hackers will always keep looking for opportunities to do potential scams
WhatsApp had become one of the main communication channels, which is used for sensitive conversations ranging from confidential corporate and government information to criminal incrimination.

Knowing this it is understandable why hackers are looking for ways to manipulate conversations and group messages in order to change evidence and spread fake news and misinformation.

The cyber attack vector
WhatsApp encrypts messages sent through the app. So if a hacker wants to know how WhatsApp sends a message, he will first need to decrypt the network request. In the way, WhatsApp all the messages between users will remain secure, but a local client still needs to decrypt the message. By knowing this, hackers managed to reverse the encryption and then locally decrypt the network requests to determine how communication is done.
Once the network was decrypted they could see what variables were being used when a message is sent. This kind of knowledge gives them a way to manipulate the variables in order to modify messages or change the way they appear.

We would continue to monitor this cyber attack. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.