Researchers claim to find a way to infiltrate WhatsApp Group chats

Share

A team of crytopgraphers from Germany's Ruhr University Bochum say they have uncovered flaws in WhatsApp's security that could limit the benefits of the messaging service's vaunted end-to-end encryption in group chats. "It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted", the spokesperson added.

Once a new member who is uninvited has been added to the group, the confidentiality of the group will be broken as the member can access all the new messages and read them, claims one of the researchers.

After an initial story was published by Wired Facebook's chief security officer, Alex Stamos tweeted that it was not possible to access WhatsApp group chats.

"The phone of every participant in the group then automatically shares secret keys with that new member, giving him or her full access to any future messages", the report added.

While, the group and the chats themselves have a layer of end-to-end encryption, the servers that the chats run on don't. The obvious examples that come to mind are hackers who manage to gain access to WhatsApp servers or a government successfully pressuring WhatsApp to give it access to targeted group chats.

Ritz hotel robbery: Armed thieves steal jewellery worth millions in Paris
As the robbers opened fire on the hotel, guests at the Hemingway bar were told to "get down", eyewitnesses have said. Three of the robbers were arrested after the smash-and-grab, but two remain on the run, a police official said.

For the Signal messaging app, which uses the same underlying encryption protocol as WhatsApp, the security researchers found the app contains the same group chat vulnerability but further mitigated by an attacker not only having to control the relevant Signal server but also having to know the Group ID number for the chat (and these IDs are essentially unguessable).

The vulnerabilities found in Threema and Signal are relatively harmless compared to the problems researchers found with WhatsApp, because of the relative ease with which new people can be inserted into private groups without any permission.

'We built WhatsApp so group messages can not be sent to a hidden user. Someone with control of WhatsApp's servers can add a new person to a group without administrator even knowing, is what the researchers claim.

Perhaps even more troubling, a compromised admin with control of the server could manipulate the messages that would alert group members that someone new had been added, according to the researchers.

New additions to the group chat would be notified to all members of the chat just like normal.

Revealed! Have Extra sleep of 20 minutes and reduce unhealthy sugars
Researchers looked at 42 healthy people who were slightly sleep deprived - getting between five and seven hours sleep a night. The study found that 86% of participants in the sleep extension group increased the amount of time they spent in bed.

"We've looked at this issue carefully", a spokesman told us.

The system relies on unique security keys "that are traded and verified between users to guarantee communications are secure and can not be intercepted by a middleman", the report said.

The messaging giant added "end-to-end encryption" two years ago, which it was thought to have made messaging more secure as the messages were scrambled so that they could only be read by those who were meant to receive them.

"Given the alternatives, I think that's a pretty reasonable design decision, and I think this headline pretty substantially mischaracterizes the situation".

Magnitude 7.6 earthquake hits in Caribbean north of Honduras; tsunami advisory canceled
President Juan Orlando Hernandez said authorities had activated the country's emergency system but urged people to remain calm. Despite the strength of th natural disaster , only minor damage has been reported so far, particularly in Honduras.

Share