WhatsApp has been fighting with governments and law enforcement agencies that its messaging service is encrypted end-to-end and there is no way it can be intercepted or broken into. An Israeli cybersecurity firm has smashed this claim by demonstrating that not only can they intercept and decrypt a WhatsApp message but they can change the sender’s identity as well.
The Israeli company claims that they had shared their work with WhatsApp informing of the vulnerability in their messaging app. The company, Check Point Release, says WhatsApp has not fully resolved the issue. They have now issued a press release with the details and the images of the screenshots where the original message and the manipulated one.
That is the real issue. This vulnerability can be exploited by any unscrupulous person to plant a rumour and alter the sender’s identity to make it sound as if it is the real source. The results can be quite damaging. You just have to go back a few months when the Indian government had to summon the WhatsApp officials following reports of violence from many parts of the country following false rumours being spread through WhatsApp messages. WhatsApp took a few steps like mentioning the ‘Forwarded’ indication prominent and then going on to add features like how many times a message has been forwarded and so on.
What has been demonstrated is the vulnerability to reverse-engineer the algorithm that WhatsApp uses to decrypt and encrypt messages. This allowed these researchers to alter whichever parameter they wanted.
WhatsApp has not officially reacted to the report and every user must be hoping that the company takes the actions needed to prevent anything like this from happening.