A newly-discovered WhatsApp bug allows hackers to infiltrate and message your group chats and private conversations.
If combined with other existing glitches, the vulnerability could allow cyber criminals to impersonate you and send fake messages to your friends and family, security experts have warned.
Researchers who unearthed the bug believe it is of the "utmost importance" WhatsApp fixes the problem – as it could be used to quickly spread misinformation.
The
Facebook-owned company says it is aware of the flaw but has no plans to patch the problem as the exploited vulnerability forms a core part of the app's design.
First discovered by Israeli cybersecurity group
CheckPoint Research, the flaw is incredibly complex and involves a gap within the app's encryption algorithms.
Writing on their
website, the team said the vulnerability could make it possible for a hacker "to intercept and manipulate messages sent by those in a group or private conversation" as well as "create and spread misinformation".
Hackers could use the bug to alter
the text sent in someone else's reply to a group chat, essentially "putting words in their mouth", the group said.
WhatsApp's 'quote' feature can also be used to change the identity of the sender, to make it appear as if it came from a person who is not even part of the group.
By doing this, it would be possible to incriminate a person or close a fraudulent deal, for example.
Finally, cyber criminals could send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it’s visible to everyone in the conversation, CheckPoint said.
Read:
Also read:
The vulnerability is incredibly complex, and involves a loophole in the way WhatsApp's web and mobile versions communicate.
CheckPoint found hackers can insert themselves into the code between the two to retrieve and send fake messages from within the service.
WhatsApp said it currently has no plans to fix the vulnerability as it forms a core part of the "design framework" of the app.
The firm assured users the loophole does not affect its end-to-end encryption – the system that ensures only the users in a conversation can read its messages.
"We carefully reviewed this issue and it's the equivalent of altering an e-mail to make it look like something a person never wrote," a WhatsApp spokesperson said
"This claim has nothing to do with the security of end-to-end encryption, which ensures only the sender and recipient can read messages sent on WhatsApp."
The report of the flaw comes as the Facebook-owned company faces increasing scrutiny over the use of its popular service as a tool to spread fake news.
WhatsApp is a convenient platform through which to forward messages to large groups of people.
Last month, the app announced limits of forwarding messages following pressure from the Indian government over a spate of recent lynchings
More than 20 people have been butchered in the last three months by crazed mobs after being accused of child kidnapping and other crimes in viral messages circulated wildly on WhatsApp.
Related: