A team of crytopgraphers from Germany's Ruhr University Bochum say they have uncovered flaws in WhatsApp's security that could limit the benefits of the messaging service's vaunted end-to-end encryption in group chats. "It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted", the spokesperson added.
Once a new member who is uninvited has been added to the group, the confidentiality of the group will be broken as the member can access all the new messages and read them, claims one of the researchers.
"The phone of every participant in the group then automatically shares secret keys with that new member, giving him or her full access to any future messages", the report added.
While, the group and the chats themselves have a layer of end-to-end encryption, the servers that the chats run on don't. The obvious examples that come to mind are hackers who manage to gain access to WhatsApp servers or a government successfully pressuring WhatsApp to give it access to targeted group chats.
Barack Obama Talks Dancing Onstage with Prince & Daughter Sasha
Add Barack Obama as an interest to stay up to date on the latest Barack Obama news, video, and analysis from ABC News. Upcoming guests include George Clooney , activist Malala Yousafzai, Jay-Z, Tina Fey and Howard Stern .
For the Signal messaging app, which uses the same underlying encryption protocol as WhatsApp, the security researchers found the app contains the same group chat vulnerability but further mitigated by an attacker not only having to control the relevant Signal server but also having to know the Group ID number for the chat (and these IDs are essentially unguessable).
The vulnerabilities found in Threema and Signal are relatively harmless compared to the problems researchers found with WhatsApp, because of the relative ease with which new people can be inserted into private groups without any permission.
'We built WhatsApp so group messages can not be sent to a hidden user. Someone with control of WhatsApp's servers can add a new person to a group without administrator even knowing, is what the researchers claim.
Perhaps even more troubling, a compromised admin with control of the server could manipulate the messages that would alert group members that someone new had been added, according to the researchers.
New additions to the group chat would be notified to all members of the chat just like normal.
Magnitude 7.6 earthquake hits in Caribbean north of Honduras; tsunami advisory canceled
President Juan Orlando Hernandez said authorities had activated the country's emergency system but urged people to remain calm. Despite the strength of th natural disaster , only minor damage has been reported so far, particularly in Honduras.
"We've looked at this issue carefully", a spokesman told us.
The system relies on unique security keys "that are traded and verified between users to guarantee communications are secure and can not be intercepted by a middleman", the report said.
The messaging giant added "end-to-end encryption" two years ago, which it was thought to have made messaging more secure as the messages were scrambled so that they could only be read by those who were meant to receive them.
"Given the alternatives, I think that's a pretty reasonable design decision, and I think this headline pretty substantially mischaracterizes the situation".
Calvin Ridley declares for draft; RB Damien Harris to stay at Bama
Alabama's second-leading WR in 2017 was freshman Jerry Jeudy , catching 14 passes for 264 yards and two TDs. Ridley totaled 4 catches for 32 yards in the Crimson Tide's victory against Georgia on Monday.