Your WhatsApp Group Chats Aren’t Safe! Bug Makes It Possible To Read Conversations Without Admin Permission
A huge WhatsApp design flaw that allows anyone to infiltrate private group chats has been uncovered by security researchers.
Despite the service’s end-to-end encryption, experts say hackers can insert people into WhatsApp groups without the permission of the chat’s admin.
In response to the study, Facebook, which owns WhatsApp, has said it won’t fix the problem, and that group chats ‘remain protected’ by the app’s encryption.
“The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them,” Paul Rosler, one of the Ruhr University researchers, was quoted as saying.
The WhatsApp attack on group chats takes advantage of a bug.
“Only an administrator of a WhatsApp group can invite new members, but WhatsApp doesn’t use any authentication mechanism for that invitation that its own servers can’t spoof,” the report said.
So the server can simply add a new member to a group with no interaction on the part of the administrator.
“The phone of every participant in the group then automatically shares secret keys with that new member, giving him or her full access to any future messages,” the report added.
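The gap the report describes can be modelled in a few lines. The following is an added example, not WhatsApp code or code from the researchers: it compares a phone that accepts any server-relayed "add member" notice with one that requires proof from the administrator. The `Phone` class, the `admin_tag` helper, the member names and the use of an HMAC over a pairwise admin-to-member secret (standing in for an admin signature) are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


def admin_tag(key: bytes, group: str, new_member: str) -> bytes:
    """MAC over an 'add member' notice; a stand-in for an admin signature."""
    msg = f"{group}\x00add\x00{new_member}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class Phone:
    """One participant's device (hypothetical model).

    admin_key is a secret shared end to end with the group admin only,
    so the relaying server never learns it.
    """

    def __init__(self, admin_key: bytes, verify: bool):
        self.admin_key = admin_key
        self.verify = verify
        self.roster = set()  # members this phone will send group keys to

    def on_add(self, group: str, new_member: str, tag: bytes = b"") -> bool:
        """Handle an 'add member' notice relayed by the server."""
        if self.verify:
            expected = admin_tag(self.admin_key, group, new_member)
            if not hmac.compare_digest(tag, expected):
                return False  # not authenticated by the admin: ignore it
        self.roster.add(new_member)  # future message keys go to this member
        return True


def demo() -> dict:
    key = os.urandom(32)                  # constructed admin<->member secret
    trusting = Phone(key, verify=False)   # behaviour described in the report
    checking = Phone(key, verify=True)    # requires the admin's tag
    genuine = admin_tag(key, "family", "carol")  # sent by the real admin
    forged = b"\x00" * 32                 # server has no key, cannot compute a tag
    return {
        "genuine": (trusting.on_add("family", "carol", genuine),
                    checking.on_add("family", "carol", genuine)),
        "server_injected": (trusting.on_add("family", "mallory", forged),
                            checking.on_add("family", "mallory", forged)),
        "trusting_roster": trusting.roster,
        "checking_roster": checking.roster,
    }


if __name__ == "__main__":
    print(demo())
```

A real design would also bind a counter or timestamp into the authenticated notice so that an old, genuine add cannot be replayed by the server.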
With over 1.2 billion monthly active users, WhatsApp is available in more than 50 different languages around the world and in 10 Indian languages.
Facebook-owned WhatsApp added end-to-end encryption to every conversation two years ago.
According to the researchers, once an attacker with control of the WhatsApp server had access to the conversation, he or she could also use the server to selectively block any messages in the group.
The researchers suggest that those seeking absolute privacy should stick to one-to-one chats or use a different encrypted messaging service.