WhatsApp has refused to fix a security flaw that allows hackers to spoof messages and make it look as if they are coming from someone else, almost a year after a cybersecurity company warned that it could permit the spread of misinformation and fake news.

Check Point, an Israeli cybersecurity company, detailed the vulnerabilities in the popular Facebook-owned messaging app at the Black Hat conference in Las Vegas. It said the glitch gave attackers "immense power to create and spread misinformation from what appear to be trusted sources".

Check Point said it found three potential ways to alter conversations. The first uses the "quote" feature in a group conversation to change the appearance of a sender's identity.

Another flaw allows a hacker to change the text of a reply. A further vulnerability lets a person send a private message to another group participant disguised as a public message to all.

If exploited, the loophole, discovered in late 2018, would be at best embarrassing for WhatsApp's 1.5bn users. Mr Vanunu claimed it could be used to spur a fake news epidemic.

He said that Check Point began investigating WhatsApp after hearing there might a vulnerability on the service, which he claimed could erode democracy by spreading polarising messages.

The company said that Facebook had only addressed one of the flaws since they had been identified - disguising a private message as one that becomes visible to an entire group.