This WhatsApp Security Flaw Isn’t As Bad As It Sounds
A security warning of sorts was issued to WhatsApp users this week stating that the platform has a security flaw that allows someone to “use the ‘quote’ feature in a group conversation to change the identity of the sender, even if that person is not group member “and” Change the text of someone’s response, essentially putting words in their mouth. “
Check Point Research pointed out this flaw at this year’s Black Hat Security Conference. Previously, this was discussed a year ago.
Although several sites wrote about the exploit, it turned out that it was not as important as Check Point had suggested.
Facebook provided The Next Web with the following statement regarding the issue:
We took a close look at this issue a year ago, and it would be wrong to assume that there is a security vulnerability that we provide to WhatsApp. The scenario described here is simply the mobile equivalent of changing the replies in a thread to make them look like the person was not writing. We must bear in mind that addressing the issues raised by these researchers could make WhatsApp less confidential – for example, storing information about the origin of messages.
The crux of the problem is that if WhatsApp fixes the problem, it will also make the app less private. Perhaps having an exploit is much better than fixing it at the expense of the user’s privacy.
The process for an attacker to use an exploit is also quite complicated. Obviously, this does not mean that someone will not do it, but changing this message is not easy.
All that can be said: it doesn’t really matter. But perhaps if you see that someone has sent something that seems extremely unusual, find another way to confirm that the message really came from the person who allegedly wrote it.