Security researchers reveal flaw in WhatsApp encryption

WhatsApp security loophole can add uninvited members to your groups

A team of German cryptographers claims to have discovered flaws in WhatsApp group chats despite the end-to-end encryption technology the instant messaging platform uses.

Anyone who controls the servers could add new people to private group chats without needing authorization from the group admin.

The researchers detailed the findings at the Real World Crypto security conference in Zurich on Wednesday, according to Wired.

A security flaw in the encrypted mobile messaging service WhatsApp could enable hackers to spy on private group chats, researchers warn.

Encryption has always been one of the harder elements of group chat; the best protection in the world cannot stop unintended readers from seeing messages once they've been decoded. "Existing members are notified when new people are added to a WhatsApp group". Whenever a new member is to be added, the administrator first sends a request to the WhatsApp server with the ID of the new member they want to add. WhatsApp is a widely used messenger and is available in more than 60 different languages, including 10 Indian languages.

Researchers from the Ruhr University Bochum analyzed flaws in three encrypted chat apps: WhatsApp, Signal and Threema. However, users still get a notification of a new member joining.

WhatsApp is now looking to give group admins more power through various options.

Facebook's Chief Security Officer Alex Stamos responded to the report on Twitter, saying, "Read the Wired article today about WhatsApp - scary headline!"

In a statement to IANS on Thursday, a WhatsApp spokesperson said: "We've looked at this issue carefully". WhatsApp supports voice and video, and starting this week it is enabling a new feature in the latest Android beta version that lets users switch between voice and video during an active call. "And if not, the value of encryption is very little".

This means that an attacker can add someone to a conversation and read all future messages sent in the chat (past messages are still hidden).

If you use the "Dismiss as Admin" option on someone, they'll lose all of their admin privileges and become a standard group chat participant instead.

"If I hear there's end-to-end encryption for both groups and two-party communications, that means adding of new members should be protected against".

The new "Dismiss as Admin" feature appears in the Group Info section, and a user can remove another user as admin by tapping it.