WhatsApp Security Flaw Lets Hackers Enter Any Group Unnoticed

Leigh Mccormick
January 14, 2018

A flaw in WhatsApp's group messaging protocol means that, despite its vaunted end-to-end (E2E) encryption, messages can still be read by unwanted eyes, researchers from Germany's Ruhr University Bochum have found.

The WhatsApp flaw allows anyone in control of WhatsApp servers to insert new participants into a private group without the permission of group admins. Facebook-owned chat company WhatsApp is testing a new feature that will allow one admin to remove the other one from the post of group admin.

Encryption has always been one of the more hard elements of group chat; the best protection in the world can not stop unintended readers from seeing messages once they've been decoded. Accordingly, the server can just add a new member to an existing group without any interaction from the administrator.

As indicated by WABetaInfo, a fan site that tests new WhatsApp includes early, the new alternative, display in the Group Info area as Dismiss as administrator, enables a manager to expel another without expelling him or her from the gathering.

With over 1.2 billion monthly active users, WhatsApp is available in more than 50 different languages around the world and in 10 Indian languages.

Security researchers have discovered a method of infiltrating group chats in WhatsApp, effectively rendering the chat tool's end-to-end encryption useless. "He can cache all the message and then decide which get sent to whom and which not", Mr. Roster added. It would appear as if the new member had the permission of the admin to join.

Washington native Jacob Eason expected to transfer to University of Washington
He started the 2017 season opener against Appalachian State, but sustained a left knee injury on the third series of the game. Quarterback Jacob Eason announced Friday that he will transfer from the University of Georgia .

A flaw in popular encrypted chat programs WhatsApp, Threema and Signal theoretically allows nearly anyone to control important servers, bypass encryption and add themselves to group chats.

However, Facebook's Chief Security Officer Alex Stamos downplayed the security risks on Twitter, noting that there "isn't a secret way" into WhatsApp group chats. Thus, servers can not detect if the admin added new members or someone unknown joined the private conversation.

We've looked at this issue carefully.

In contrast, Telegram does no encryption at all for group messages, even though it advertises itself as an encrypted messenger, and even though Telegram users think that group chats are somehow secure. The privacy and security of our users are incredibly important to WhatsApp.

"The WhatsApp server can therefore use the fact that it can stealthily reorder and drop messages in the group", the paper states. "But there is no secret way into WhatsApp groups chats". "And if not, the value of encryption is very little", researcher Paul Rösler was quoted saying in the report.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER