WhatsApp flaw lets hackers impersonate you

Published on: 14 Aug 2018

A newly discovered attack in WhatsApp allows hackers to impersonate users and potentially send fake messages.

The flaw - flagged by Check Point Software Technologies - means attackers can put themselves in a position of power to not only steer potential evidence in their favour, but also create and spread misinformation.

The vulnerability means hackers could change a reply from someone to put words into their mouth that they did not say or quote a message in a reply to a group conversation to make it appear as if it came from a person who is not even part of the group.

Additionally, they could send a message to a member of a group that looks like a group message but is in fact only sent to this member. However, when this recipient replies, their response will be sent to the entire group.

Oded Vanunu, Check Point’s head of product vulnerability research, reacted to the discovery by saying: “Given WhatsApp’s prevalence among consumers, businesses, and government agencies, it’s no surprise that hackers see the application as a five-star opportunity for potential scams.

“As one of the main communication channels available today, WhatsApp is used for sensitive conversations ranging from confidential corporate and government information, to criminal intelligence that could be used in a court of law.”

WhatsApp currently has over 1.5 billion users with over one billion groups and 65 billion messages sent every day.