Dubai: WhatsApp users have been warned against a newly discovered flaw in the messaging service that can allow fraudsters to intercept and manipulate chats.
The Facebook-owned app, which currently has more than 1.5 billion users and is widely popular in UAE, has already been the target of a number of fraud attempts, from free airline tickets to retail vouchers.
Just last week, major hypermarket retailer LuLu warned users of a voucher scam being circulated through WhatsApp and tricking people into sharing their private details, including bank account and credit card information.
But new research has found that fraudsters can’t just forward, share or spread fake news, they can now intercept and alter messages for malicious purposes.
According to cybersecurity company Check Point that tested the vulnerability of WhatsApp algorithms, it may be possible for hackers to infiltrate private and group conversations and do any of the following:
1. Change a reply from someone to put words into their mouth that they did not say. For example, the message with the content “Great” sent by a member of a group could be changed to something else like: “I’m going to die in a hospital right now.”
2. Quote a message in a reply to a group conversation to make it appear as if it came from a person who is not even part of the group.
3. Send a message to a member of a group that pretends to be a group message but is in fact only sent to this member. However, the member’s response will be sent to the entire group.
The newly discovered “vulnerabilities,” can put con artists “in a position of immense power” to not only crack into people’s messages, but also spread misinformation or fake news, according to Check Point.
Should UAE users be alarmed?
Other IT security experts, however, clarified that Check Point’s findings were mainly based on the cybersecurity company’s study and that no actual hacking cases have been reported so far.
Also, not every single WhatsApp user may be prone to attacks, as the mentioned flaw seems to be focused around group chats and users of WhatsApp web.
“It is not the end-to-end encryption that is broken, but a specific flaw around how group chats are used, which combined with social engineering, the art of tricking a user to do something unintentional, can be damaging,” Nicolai Solling, chief technology officer at Help AG, told Gulf News.
“The research itself relies on certain attack methods to obtain the keys, specifically around the use of WhatsApp web. In general WhatsApp web is meant as an extension to your WhatsApp mobile app, and WhatsApp web should only be used on devices you trust,” he added.
To protect themselves, users should try to limit the use of WhatsApp web. “Only access this from a computer you trust,” said Solling.
“All communication can never be completely be trusted. History has told us that all encryption can be broken or at least bypassed. Therefore, always stay sceptical and alert.”
Here are more examples of what hackers can do: