WhatsApp 'bug' raises questions over group message privacy

German cryptographers have found in their research that WhatsApp group chats can be compromised, because any new member can read the group chats.

According to the researchers, once an attacker with control of the WhatsApp server had access to the conversation, he or she could also use the server to selectively block any messages in the group.

So the server can simply add a new member to a group with no interaction on the part of the administrator.

Paul Rösler, Christian Mainka, and Jörg Schwenk analyzed the three widely used protocols and their implementations, and found that if someone (for example nation-state backed hackers acting illegally, or law enforcement or intelligence agencies acting legally) gains control of WhatsApp's servers, they could easily insert a new member into a private group without the permission of the group's administrator(s). Usually, only admins can add new members to private groups.

Once an uninvited member has been added to the group, the confidentiality of the group is broken, as that member can access and read all new messages, claims one of the researchers.

According to the report, the attack on WhatsApp group chats takes advantage of a bug.

Once the new person is added to the group, the phone of each member of the group chat automatically shares secret keys with that person, giving them full access to all future encrypted messages sent in the chat.

While messages shared before the attacker enters the group cannot be read, the attack does give the person access to all messages shared from that point onward.
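An added example, not code from WhatsApp, Signal or the researchers: a simplified Python model of one member's phone handling an "add member" message relayed by the server, first without and then with a check that a group admin authorised it. The class and field names, and the use of a MAC key shared among members but unknown to the server, are assumptions made for illustration.

```python
import hashlib
import hmac

def add_tag(admin_key: bytes, group_id: str, added_by: str, new_member: str) -> str:
    """MAC binding an 'add member' request to the group and the admin issuing it."""
    data = "\x00".join((group_id, added_by, new_member)).encode()
    return hmac.new(admin_key, data, hashlib.sha256).hexdigest()

class GroupClient:
    """One member's phone in a simplified group-chat model (hypothetical names)."""

    def __init__(self, group_id, admins, admin_key, verify_adds):
        self.group_id = group_id
        self.admins = set(admins)
        self.admin_key = admin_key      # assumption: never disclosed to the server
        self.verify_adds = verify_adds  # False models the behaviour the article describes
        self.keys_shared_with = []      # members who received our message key

    def on_add_member(self, msg: dict) -> bool:
        """Process an 'add member' control message relayed by the server."""
        if self.verify_adds and not self._authentic(msg):
            return False                # drop unauthenticated membership changes
        # Sharing the key is what gives the new member access to future messages.
        self.keys_shared_with.append(msg["new_member"])
        return True

    def _authentic(self, msg: dict) -> bool:
        tag = msg.get("tag")
        if msg.get("added_by") not in self.admins or not isinstance(tag, str):
            return False
        expected = add_tag(self.admin_key, self.group_id, msg["added_by"], msg["new_member"])
        return hmac.compare_digest(tag.encode(), expected.encode())

def demo():
    """Constructed sample messages: one injected by the server, one from the admin."""
    key = b"constructed-admin-key"
    injected = {"added_by": "alice", "new_member": "uninvited"}   # carries no valid tag
    genuine = {"added_by": "alice", "new_member": "carol",
               "tag": add_tag(key, "g1", "alice", "carol")}
    naive = GroupClient("g1", ["alice"], key, verify_adds=False)
    hardened = GroupClient("g1", ["alice"], key, verify_adds=True)
    for client in (naive, hardened):
        client.on_add_member(injected)
        client.on_add_member(genuine)
    return naive.keys_shared_with, hardened.keys_shared_with

if __name__ == "__main__":
    print(demo())
```

Because the tag covers the group identifier, a genuine add request for one group is also rejected if the server relays it into a different group.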

In May 2016, Facebook-owned WhatsApp introduced end-to-end encryption for its users across the globe.

As per the research, Signal and WhatsApp fail to properly authenticate who is adding a new member to the group, and it is possible for an unauthorized person, who is not even a member of the group, to add someone to the group chat. "We built WhatsApp so group messages can not be sent to a hidden user". He argued that since all members of a group chat can see who joins a chat, they'll be notified of any eavesdroppers.

But Facebook-owned WhatsApp says the problem isn't as bad as the researchers are making out.

While the group and the chats themselves have a layer of end-to-end encryption, the servers that the chats run on don't. The WhatsApp server can therefore stealthily reorder and drop messages in the group.

"We've looked at this issue carefully", a WhatsApp spokesman said in a statement. The privacy and security of our users is incredibly important to WhatsApp.

He also said there are multiple ways to check and verify the members of a group chat.

Open Whisper Systems, the creators of Signal, told Wired that they are now redesigning how Signal handles group messaging, but did not share any more than that. This does not mean that the remaining members of the group won't know that a new one has joined.
