WhatsApp seems to be constantly plagued by exploits, and no wonder: it's one of the most-used social media applications around. This makes it the perfect platform for hackers to target, as there are so many potential victims to prey on. Yet another security issue has been unearthed by researchers, and this one isn't going to receive a fix anytime soon.

This security problem could result in hackers being able to access and manipulate your messages, as well as potentially impersonating you. Here's what you need to know.

Overview

Like many of the defects we see in popular smartphone applications, this flaw was first discovered by a team of researchers. Working for a company named 'Check Point Research', the team found an incredibly complex issue that resulted from a hole in WhatsApp's encryption algorithms. These algorithms are used to encrypt your messages after they are sent, making them much harder to intercept.

On the 'Check Point Research' website, the firm explain how the security hole could allow third parties to intercept a message and manipulate it after it had been sent by the real user, spreading false information to friends and family. Using the flaw, hackers could rewrite the text of the original, genuine message, changing its meaning partially or even entirely.

How it works

There are several ways that somebody could exploit the new flaw in WhatsApp. With enough motivation, somebody could:

  • Change the text of somebody else’s reply to a group chat message, making it appear as if they said something entirely different;
  • Use the legitimate 'quote' functionality within the application, but change the identity of the person who sent the message, making it appear that a message came from another person;
  • Send a group message to another user that is disguised as a private message, so that when the person responds, everybody can read it.

The exploit is based on WhatsApp's inherent code and works by allowing hackers to insert themselves into the exchange that takes place between two users or endpoints, allowing them to obtain, edit and send fake messages. By doing this, hackers can try to lead you into believing that you received a message that was never actually written by the supposed sender.

In the image below, taken from Check Point's website, they highlight how this exploit can work:

What the company are saying

WhatsApp is owned by the same company that own Facebook, so they're currently under increased scrutiny thanks to the several rough months that the corporation have faced over security issues. Incredibly, they've communicated that they have no plans to fix the flaws that make the above exploits possible, as they are based on the application's core design.

They've also highlighted how the issue is the equivalent of somebody editing the chain of previous replies within an email chain, to make it appear as if a different email was sent. Though true, this kind of exploit is far more obvious within a medium such as email, and less so in a social media messaging application that is taken at face value by hundreds of thousands of users every day.

This story is further proof that you need to be wary of your smartphone security, even when using immensely popular applications such as this one. Always be sure of who you’re talking to, call your friends or family to confirm the information you’re reading if a strange message gives you any doubt, and never click on suspicious links you don’t recognise from within the app.

If you’d like any more advice on smartphone security and staying safe online, then you can reach WiseGuys by calling us on 0808 123 2820.