You can NOT verify anything by asking a challenge question. Man-in-the-middle attack means there's a "man in the middle". That is, the attacker can relay challenge question and answer between the contacts it attacks.
The _protocol_ can be arranged to help you do this, but yes just asking a challenge question inline doesn't protect against a MITM.
If Alice and Bob know a good secret (say a 128-bit AES key) then they can definitely just use that secret to protect their communications against the MITM. This only requires updating the protocol to allow such a secret to be introduced. Mallory can continue to relay messages, but they are now passive and don't learn anything beyond traffic analysis or have any ability to tamper with the messages.
But chances are Alice and Bob don't have such a secret (and of course they can't use the potentially MITM'd channel to agree one)
I _think_ if Alice and Bob know a weak human secret they can do something here with a Balanced PAKE. A PAKE lets two parties agree a key based on knowing some relatively weak secret, Mallory can try to guess but only gets one chance each time this is done and failure is detectable by Alice and/or Bob. Again this requires support in the chat protocol itself.
You can NOT verify anything by asking a challenge question. Man-in-the-middle attack means there's a "man in the middle". That is, the attacker can relay challenge question and answer between the contacts it attacks.