WhatsApp, you can change the text of messages for a bug

A vulnerability in WhatsApp allows you to alter the text of messages: here's how it works and how to defend yourself

Researchers from Check Point, an Israeli company expert in cybersecurity, have discovered a vulnerability that allows you to modify the messages received on WhatsApp. This is a fairly serious flaw, although WhatsApp technicians, alerted to the problem, have tried to minimize the danger. Thanks to the vulnerability it is possible to proliferate fake news and alter the meaning of a sentence.

The vulnerability that affected the world's most used messaging application was presented during the Black Hat conference taking place in Las Vegas, an event dedicated to the world of cybersecurity. Check Point experts have explained how it is possible to exploit the flaw and modify the text of messages: it is not an operation within everyone's reach. You have to use WhatsApp Web, the desktop version of the application, and an ad hoc program developed by Check Point that manages to decrypt the end-to-end encryption, the technology used by WhatsApp to make inaccessible the messages we send. Technology that is probably not as inaccessible as you think.

How to alter messages received on WhatsApp

With the vulnerability discovered by CheckPoint, it is possible to change the text and the author of messages quoted on WhatsApp. In a video, the Israeli company explained how the vulnerability works.

First, you need to copy the text of the received message inside a program made by the Israeli company. After decrypting it and altering the sense of the message, you have to open WhatsApp Web and paste the new text. In this way, we will be able to quote the modified message and respond with a fake news.

In addition to changing the words of the message within the conversation in which we received it, we can also paste it within new groups. In this way, no one will be able to check that it is fake news and the message can go viral in a matter of minutes. A real danger at a time when "hoaxes" are becoming more and more central in people's online lives.

Facebook's response arrives

The vulnerability was discovered by Check Point in 2018 and immediately warned Facebook, which, however, did not consider it to be such. The Menlo Park-based company has issued a press note in which it declares that it is false to say that there is a vulnerability in the security of WhatsApp. The problem, in fact, does not concern a system developed specifically by the messaging application, but a third-party tool. In order to fix the bug, it would be necessary to save information about the origin of the messages, making the application less secure.

Also, as we have seen, to be able to alter messages requires computer skills that not everyone has. We'll see if in the next few years WhatsApp's engineers will decide to change technology for message encryption.