WhatsApp users are being warned of a newly-discovered attack that lets hackers infiltrate your private messages and group chats.
Combined with other flaws, the vulnerability allows cyber criminals to impersonate you by taking control of your WhatsApp account.
The exploit, discovered by Israeli cybersecurity group Check Point Research, is made possible by a loophole in the way WhatsApp's web and mobile versions communicate.
The research group discovered that hackers can insert themselves into the code between two participants to retrieve and send fake messages from within the service.
According to Check Point, hackers can use the following tactics to manipulate your messages:
1. Use the ‘quote’ feature in a group conversation to change the identity of the sender, even if that person is not a member of the group.
2. Alter the text of someone else’s reply, essentially ‘putting words in their mouth.’
3. Send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it’s visible to everyone in the conversation.
By doing this, it would be possible to incriminate a person or close a fraudulent deal, for example.
Facebook stated it was aware of the flaw but had no plans to patch the problem, as the exploited vulnerability forms a core part of the app's design.
"We carefully reviewed this issue and it's the equivalent of altering an e-mail to make it look like something a person never wrote.
"This claim has nothing to do with the security of end-to-end encryption, which ensures only the sender and recipient can read messages sent on WhatsApp," a WhatsApp spokesperson noted.
The report of the flaw comes as the Facebook-owned company faces increasing scrutiny over the use of its popular service as a tool to spread fake news.