Tuesday, 18 September 2018

WhatsApp group chats can be infiltrated without admin permission

11 January 2018

"If I hear there's end-to-end encryption for both groups and two-party communications, that means adding of new members should be protected against".

WhatsApp group chats might not be so secure and can easily be infiltrated without permission of the group admin, according to a team of German security researchers. WhatsApp, however, has turned down the claim.

According to the report, while the flaws in Signal and Threema were not so serious, with WhatsApp the researchers found that anyone with control of the app's servers could insert new people into private groups.

"The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them", Paul Rosler, one of the Ruhr University researchers, was quoted as saying. However, doing so leaves traces, because the operation is listed in the graphical user interface; the WhatsApp server can therefore use the fact that it can stealthily reorder and drop messages in the group.

The researchers go on to explain that while only an admin of a WhatsApp group can invite new members, the messaging app does not have a mechanism to authenticate that invitation.

"The phone of every participant in the group then automatically shares secret keys with that new member, giving him or her full access to any future messages", the report added. End-to-end encryption offered by WhatsApp should be applicable on the server level to prevent such issues.
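The missing check described above, as an added example (not code from WhatsApp or from the report): a group member accepts a server-relayed "member added" message only if it carries a tag computed by the admin under a key the server does not hold. The message layout, all names, and the use of an HMAC over a pairwise admin-member key as a stand-in for an admin signature are assumptions.

```python
import hashlib
import hmac
import json

def encode_change(group_id, admin, new_member, seq):
    """Canonical bytes of a membership change; seq lets members reject replays."""
    fields = {"group": group_id, "admin": admin, "add": new_member, "seq": seq}
    return json.dumps(fields, sort_keys=True).encode()

def admin_tag(pairwise_key, change):
    """Admin side: MAC the change under the key shared end-to-end with one member."""
    return hmac.new(pairwise_key, change, hashlib.sha256).digest()

class Member:
    def __init__(self, admin_keys, authenticate):
        self.admin_keys = admin_keys      # admin name -> pairwise key, unknown to the server
        self.authenticate = authenticate  # False models the unauthenticated invitation
        self.roster = set()
        self.last_seq = 0

    def on_add(self, msg):
        """Handle a relayed 'member added' message; True means group keys get shared."""
        change = json.loads(msg["change"])
        if self.authenticate:
            key = self.admin_keys.get(change["admin"])
            if key is None:
                return False              # claimed sender is not a known admin
            expected = admin_tag(key, msg["change"])
            if not hmac.compare_digest(expected, msg.get("tag", b"")):
                return False              # tag missing or not made with the admin's key
            if change["seq"] <= self.last_seq:
                return False              # old invitation replayed by the relay
            self.last_seq = change["seq"]
        self.roster.add(change["add"])
        return True

def demo():
    key = b"constructed-pairwise-key"     # constructed sample value
    genuine = encode_change("g1", "alice", "carol", 1)
    signed = {"change": genuine, "tag": admin_tag(key, genuine)}
    unsigned = {"change": encode_change("g1", "alice", "mallory", 2)}  # relay-originated
    naive = Member({"alice": key}, authenticate=False)
    strict = Member({"alice": key}, authenticate=True)
    return {
        "naive_unsigned": naive.on_add(unsigned),
        "strict_unsigned": strict.on_add(unsigned),
        "strict_genuine": strict.on_add(signed),
        "strict_replay": strict.on_add(signed),
    }
```

Only the member that skips authentication adds the relay-originated newcomer to its roster; the checking member accepts the admin's tagged invitation once and rejects both the untagged message and the replay.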

"Everyone in the group would see a message that a new member had joined", he argued.

But the researchers said it would be possible to get the server to jumble up the way in which messages are sent, so that members would not receive this notification or be aware of the newcomer. In a statement to Wired, the company said, "We've looked at this issue carefully..."

Moxie Marlinspike, a security researcher who developed Signal, which licenses its protocol to WhatsApp, said that the current app design is reasonable, and that the report only sends a message to others not to "build security into your products, because that makes you a target for researchers, even if you make the right decisions".

With over 1.2 billion monthly active users, WhatsApp is available in more than 50 different languages around the world and in 10 Indian languages. "WhatsApp is built so group messages can not be sent to hidden users and provides multiple ways for users to confirm who receives a message prior to it being sent", Stamos said.

According to WABetaInfo, a fan site that tests new WhatsApp features early, the popular mobile messaging platform has submitted the "Restricted Groups" setting via the Google Play Beta Programme in version 2.17.430. As Wired puts it, this type of attack is probably limited to "sophisticated hackers who could compromise those servers, WhatsApp staffers, or governments who legally coerce WhatsApp to give them access".
