WhatsApp worry: Cybersecurity firm says scammers can change messages

Facebook Inc.-owned messaging service WhatsApp, already facing heat over its use to spread false information and rumours, may now have another worry to deal with.

A US-based cybersecurity company claims it has found a flaw in WhatsApp that allows scammers to change the content or identity of the sender of a previously delivered message, according to the New York Times.

The NYT cited the company, Check Point Software Technologies, as saying that scammers can hack the app to change a ‘quote’ — a feature that allows people within a chat to display a past message and reply to it — to give the impression that someone sent a message they didn't actually send.

The report said WhatsApp acknowledged that it was possible for someone to manipulate the quote feature but that it wasn't a flaw.

A spokesman for WhatsApp told the NYT that this was the equivalent of altering an email. “What Check Point discovered had nothing to do with the security of WhatsApp’s so-called end-to-end encryption, which ensures only the sender and recipient can read messages,” the spokesman said.

The report comes at a time when WhatsApp and parent Facebook have been taking a lot of heat over their role in spreading fake news. WhatsApp especially has been under a lot of scrutiny after fake messages on its platform led to several cases of mob lynchings in India.

This has prompted both WhatsApp, which has about 1.5 billion active users globally, and the Indian government to take steps to deal with the issues.
WhatsApp has reduced the number of forward messages that can be sent at a time to five. 

The company also started marking the forward messages as ‘forwarded’ and said it will run public safety ads against fake news.

Meanwhile, the government is drafting guidelines asking social media companies to respond to complaints over content within a ‘few hours’ as against the present norm of 36 hours, The Economic Times reported on Wednesday, citing a government official it didn't name.

This means that social media companies, including WhatsApp and Twitter, will be required to remove an offensive post within a few hours.

The Ministry of Electronics and IT has been sending stern warnings to WhatsApp to develop a mechanism to immediately stop the spread of misinformation.