A flaw has been discovered in WhatsApp that could allow hackers to edit users' messages - essentially putting words in their mouths.
Cyber security researchers at Check Point Research demonstrated how the flaw could be exploited at the Black Hat cybersecurity conference in Las Vegas this week.
They developed a tool that makes it possible to alter the text within quoted messages before they are delivered to the recipient.
The tool also allows an attacker to change how the sender of the message is identified, making it possible to attribute a comment to a different source.
The researchers claim that the tool could be used to incriminate a person or close a fraudulent deal.
It could also give attackers the power to create and spread misinformation from what appear to be trusted sources.
Check Point Research notified WhatsApp about the vulnerability at the end of 2018, but the company has failed to address the issue.
"We believe these vulnerabilities to be of the utmost importance and require attention," the researchers said in a blog post .
Facebook , which owns WhatsApp, declined to comment on the issue.
Luckily the researchers have no intention of releasing their WhatsApp hacking tool into the wild - it was created to provoke discussion.
However, as long as the flaw exists, there is a risk that real hackers could create their own tools to exploit the vulnerability.
"Threat actors have an additional weapon in their arsenal to leverage the messaging platform for their malicious intentions," the researchers said.
