Three vulnerabilities were discovered in the WhatsApp messenger. The discovery was made by employees of an Israeli security software development company Check Point Research. Each WhatsApp error is associated with various misinformation manipulations with messages, in which you can change the text itself or the author of the message.
Means of disinformation
Replacing the original message is done in one of three ways. One of the vulnerabilities is using the group chatting option. As a result, you can change the author of the message, giving him another participant in the conversation or a non-existent interlocutor instead. Another bug allows attackers to pass off private messages as public messages by sending them to group members. The third mistake in WhatsApp allows you to use someone else's messages when quoting, while changing their text.
The owner of the messenger - Facebook corporation has already fixed one of the bugs related to sending private messages to a general group. Other vulnerabilities still remain unpatched, although Check Point Research reports that the company knew about them a year ago.
At the Black Hat cybersecurity event, Check Point experts said that Facebook is pointing out limitations related to the platform's structure, due to which the remaining bugs cannot be fixed. At the same time, the press service of the social network does not consider these features of WhatsApp to be vulnerabilities. Facebook explains that it is not possible to restrict the spoofing of texts (for example, by keeping information about the original origin of the message), since this may affect the security of the messenger.
Other WhatsApp Vulnerabilities
This is not the first time that WhatsApp has encountered problems. So, in the spring it became known that a vulnerability was found in the messenger, with the help of which the Pegasus spyware can be remotely installed on the user's smartphone. WhatsApp representatives later confirmed this problem. The bug turned out to be related to audio calls. To install the malicious program, it was only necessary to initiate a WhatsApp call. In this case, it was enough only to receive a call to the devices, it was not necessary to answer it. The Pegasus software solution is often used by security agencies in various countries to detect terrorist threats or conduct surveillance in a timely manner. This software allows you to get geolocation information, access emails and messages, turn on the camera or microphone on your smartphone.
At the beginning of the year, another WhatsApp error was discovered, which was found by the users of the application. It turned out that the messenger sometimes saves an archive of correspondence after deactivating the cell number. As a result, if the next subscriber buys this number from a mobile operator, he will get access to the messages of its previous owner.
Recall that the geography of WhatsApp distribution covers 180 countries in which more than 1.5 billion people use the messenger. According to statistics, the average user visits the app about 23 times a day.
The Topic of Article: Vulnerabilities found in WhatsApp that can be used to spoof messages.