Cybersecurity experts who found a way to hack Whatsapp and manipulate chat messages said on Wednesday that Facebook has failed to address the flaws, a year after the social media network was alerted.
Researchers at security software company Check Point said in August last year that they had discovered ways in which a malicious actor could alter messages in Whatsapp, “essentially putting words in [someone’s] mouth”, and also change the
identity of the sender of content in a group chat.
But Whatsapp, which was bought by Facebook in 2014, has failed to resolve the issue, which remains today, Check Point said.
Speaking at the Black Hat cyber security conference, Oded Vanunu, head of product vulnerability research at the security company, said Facebook blamed Whatsapp’s flaws on “limitations that can’t be solved due to their structure and architecture”.
Facebook declined to comment.
Check Point said it had now launched a tool that would allow users to carry out the manipulations, in order to raise greater awareness of the issue.
“We think this is our obligation to escalate this,” Mr Vanunu said, pointing to Whatsapp’s estimated user base of 1.5bn and the risk that the techniques were used to “spread misinformation from what [would] appear to be trusted sources”.
Facebook has begun introducing some restrictions to Whatsapp following mounting concerns over the ease at which the messaging app can be used to spread misinformation and fake news.
