02:30 GMT07 May 2021

    A team from cybersecurity firm Check Point has demonstrated a vulnerability in Facebook’s WhatsApp, noting that it is possible to make it look as if a person had said something they did not.

    The tool was demonstrated at Black Hat, a cyber-security conference in Las Vegas, as a follow-up to a research paper published by Check Point last year. The vulnerability could be used by “malicious actors” to manipulate conversations on the platform, create fake news and fraud, researcher Oded Vanunu told the BBC.

    “You can completely change what someone says,” Vanunu said. “You can completely manipulate every character in the quote.”

    The tool also allows an attacker to change how the sender of the message is identified, making it possible to attribute a comment to a different author. Another flaw could trick users into believing they were sending a private message to one person when in fact their reply went to a more public group; that flaw was successfully fixed by Facebook.

    According to Vanunu, Facebook told the researchers that other issues could not be resolved due to “infrastructure limitations” on WhatsApp, as the encryption technology used in the messenger made it extremely difficult for the company to monitor and verify the authenticity of messages being sent by users. 

    Vanunu said that the researchers decided to publicly reveal the flaw hoping it would provoke discussion, even though it could make it easier for others to exploit the vulnerability.

    “[WhatsApp] serves 30% of the global population. It's our responsibility. There is a big problem with fake news and manipulation. It's the infrastructure that serves more than 1.5 billion users. We cannot put it aside and say: 'Okay, this is not happening,'” he said.

    Facebook issued a statement to the BBC, denying that there is a security vulnerability, adding that they have been aware of the issue for a year now.

    “The scenario described here is merely the mobile equivalent of altering replies in an email thread to make it look like something a person didn't write. We need to be mindful that addressing concerns raised by these researchers could make WhatsApp less private - such as storing information about the origin of messages,” the statement reads.

    The possibility of spreading misinformation on WhatsApp has been a major cause of concern, particularly in countries such as India and Brazil, where misinformation has led to instances of violence and, in some cases, death. WhatsApp made changes to its platform in an effort to reduce the spread of misinformation, including limiting the number of times a message could be forwarded.
