During the Black Hat security conference held last week in Las Vegas, security researchers at Check Point discussed several flaws that they found in the popular messaging app WhatsApp. The latter, as many of you probably already know, was acquired by Facebook in 2014 for a price north of $21 billion. One of the features that drives users to WhatsApp is its use of end-to-end encryption; this means that a message sent by a user cannot be read by anyone but the recipient. Even Facebook can't see the message. But the flaws found by Check Point have some serious consequences for users.
The security team noted that one of the flaws it found in WhatsApp could allow a hacker to not just read a message sent by a member, but change the message as well. We don't have to tell you the implications of this. Another flaw could allow a hacker to attribute a message to another person instead of the actual sender. Again, we don't have to spell out the chaos that could result should an attacker actually exploit this vulnerability. After all, WhatsApp has over 1.5 billion users in more than 180 countries. By 2021, WhatsApp is expected to have 25.6 million users in the States.
Check Point also discovered that yet another flaw in WhatsApp could allow a hacker to disguise a public message as a private message. This could lull the recipient into thinking that his or her response will be private when, in fact, it would be visible to others. When Check Point originally discovered these three issues last year and pointed them out to Facebook, the company was able to fix this particular problem, although the first two flaws remain available for what Check Point calls "threat actors."
"We carefully reviewed this issue a year ago and it is false to suggest there is a vulnerability with the security we provide on WhatsApp. The scenario described here is merely the mobile equivalent of altering replies in an email thread to make it look like something a person didn’t write. We need to be mindful that addressing concerns raised by these researchers could make WhatsApp less private – such as storing information about the origin of messages."-Facebook
So keep in mind that just because WhatsApp has end-to-end encryption, it doesn't mean that there aren't any flaws that can be exploited for evil reasons.