Security researchers have discovered that it’s possible for hackers to change both the content and the sender of a WhatsApp message after you’ve received it …
This includes the ability to change quoted messages, to make it appear you said something you didn’t.
CNET reports that the possibility was discovered by Check Point Software Technologies.
[The firm] found that hackers can create a hacked version of the app and alter a quoted message (a past one that someone is replying directly one) to change the content or sender.
The hacker would, however, need to be part of the chat, so the vulnerability mostly applies to group chats.
WhatsApp told the NYT that it was not aware of the technique being used in the wild, and a cure would be worse than the problem.
One solution would be to create transcripts of every message exchange to verify the accuracy of every quote. Creating such a transcript is a significant privacy risk because those accounts of what people wrote to each other must be stored somewhere, the company said.
All WhatsApp messages are protected by end-to-end encryption, which means that only those within a chat would be able to exploit the loophole. Storing a transcript would effectively mean removing that end-to-end encryption.