WhatsApp text hack: what is it and why hasn’t it been fixed by Facebook?
Israeli cybersecurity firm alerted the social media giant to flaws a year ago
A cybersecurity firm that discovered vulnerabilties in WhatsApp a year ago has revealed that parent company Facebook still hasn’t rectified the issues.
Israel-based company Check Point Software Technologies claims its researchers found three software flaws that could be used to “alter conversations”, Bloomberg reports.
Yet despite warning Facebook about the vulnerabilities, only one has been fixed. Oded Vanunu, a researcher at Check Point, told the BBC that the security flaws could be used by “malicious actors” to manipulate conversations.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
How do the hacks work?
The flaws were demonstrated by Check Point during a briefing this week at the annual Black Hat security conference in Las Vegas.
According to the Financial Times, the vulnerabilities centre around WhatsApp’s “quote function”, which allows users to respond to another person’s message while quoting them at the same time.
One of the faults could allow an attacker to change the identity of a sender in a group chat; impersonate another member of the group; or create a new “non-existent” member using an exploit associated with the quote function.
Another of the alleged glitches lets users adjust the content of a quoted message, making it “appear as if that message had originally been something different”, the newspaper adds.
The final flaw, which has since been rectified, could be used to trick users into believing they were sending a private message to one person, when in fact their reply went to a more public group, reports Forbes.
Why haven’t they all been fixed?
When Check Point initially warned the social media giant about the glitches, Facebook claimed that it was unable to rectify all three issues due to “infrastructure limitations”, researcher Vanunu told the BBC.
WhatsApp’s encryption systems, which prevent hackers from snooping on conversations, are believed to make it “extremely difficult - perhaps impossible - for the company to monitor and verify the authenticity of messages being sent by users”, the broadcaster says. Other fixes could have an impact on the usability of the app.
This week, Facebook insisted that the research presented by Check Point did not reveal any vulnerabilities within WhatsApp.
“We carefully reviewed this issue a year ago and it is false to suggest there is a vulnerability with the security we provide on WhatsApp,” a company spokesperson told Bloomberg.
“The scenario described here is merely the mobile equivalent of altering replies in an email thread to make it look like something a person didn’t write. We need to be mindful that addressing concerns raised by these researchers could make WhatsApp less private, such as storing information about the origin of messages.”
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
-
Magazine solutions - December 27, 2024 / January 3, 2025
Puzzles and Quizzes Issue - December 27, 2024 / January 3, 2025
By The Week US Published
-
Magazine printables - December 27, 2024 / January 3, 2025
Puzzles and Quizzes Issue - December 27, 2024 / January 3, 2025
By The Week US Published
-
Why ghost guns are so easy to make — and so dangerous
The Explainer Untraceable, DIY firearms are a growing public health and safety hazard
By David Faris Published
-
Is the AI bubble deflating?
Today's Big Question Growing skepticism and high costs prompt reconsideration
By Joel Mathis, The Week US Published
-
How social media is limiting political content
The Explainer Critics say Meta's 'extraordinary move' to have less politics in users' feeds could be 'actively muzzling civic action'
By Chas Newkey-Burden, The Week UK Published
-
Twitter's year of Elon Musk: what happens next?
In the Spotlight 'Your platform is dying', says one commentator, but new CEO is aiming for profitability next year
By Chas Newkey-Burden, The Week UK Published
-
Turns out Facebook isn't as polarizing as previously thought
Talking Point New studies show that, contrary to prior belief, the algorithm has little effect on driving polarization
By Theara Coleman Published
-
Mark Zuckerberg vs. Elon Musk: a tale of the tech tape
Under the Radar The two men challenged each other to a fight after years of sniping
By Justin Klawans Published
-
Clop gang: Russian hackers issue ‘dark web ultimatum’ to BBC, Boots and BA
Under the Radar Affected companies urged to install security patches and not pay cyber criminals behind hack
By Rebekah Evans Published
-
How greater online regulation is prompting fears of a ‘splinternet’
feature Government pressure worldwide means the internet is not as open as it once was
By Sorcha Bradley Published
-
Donald Trump, the Pope and the disruptive power of AI images
feature AI-generated deepfakes blur reality and could be used for political disinformation or personal blackmail
By The Week Staff Published