Israeli security company Check Point Research showed that WhatsApp messages and the identity of the sender can be changed if the account is hacked. This was revealed by the researchers during the annual Black Hat security conference held in Las Vegas on August 7. According to the report, a threat actor may potentially: Use the ‘quote’ feature in a group conversation to change the identity of the sender, even if that person is not a member of the group. Alter the text of someone else’s reply, essentially putting words in their mouth. Send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it is visible to everyone in the conversation. Its worth noting that Check Point had notified WhatsApp about the risks towards the end of 2018 that the risks would allow threat actors to intercept and manipulate messages sent in both private and group conversations, allowing them to create and spread misinformation from channels which appear to be trusted sources. According to the security company, WhatsApp has fixed the third risk but it is still possible to manipulate quoted messages and spread misinformation. In response to MediaNama’s query, a spokerperson of WhatsApp's parent Facebook said, “We carefully reviewed this issue a year ago and it is false to suggest there is a vulnerability with the security we provide on WhatsApp. The scenario described here is merely the mobile equivalent of altering replies in an email thread…
