Published: Thu, January 11, 2018
Technology | By Russell Knight

WhatsApp security loophole can add uninvited members to your groups

While the flaw is not likely to be a concern to the average WhatsApp user, it may be slightly more worrying to journalists and informants who use the platform because they believe it offers complete security and privacy.

The researchers detailed the findings at the Real World Crypto security conference in Zurich on Wednesday, according to Wired.

A team of cryptographers from Germany's Ruhr University Bochum say they have uncovered flaws in WhatsApp's security that could limit the benefits of the messaging service's vaunted end-to-end encryption in group chats.

"Everyone in the group would see a message that a new member had joined", he argued.

The design flaws "allows an attacker ... controlling some of the messages sent by the WhatsApp server, to become a member of the group or add other users to the group without any interaction of the other users", according to their research paper released earlier this month.

"He can cache all the messages and then decide which get sent to whom and which not", Rösler said.

To rectify this bug in the security system, researchers suggested that WhatsApp could introduce a secret key as a way of verifying group invites.
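
One way such a check could work, as an added example that is not code from the researchers or from WhatsApp: the admin's client tags each add-member message with a MAC under a group secret that members share end-to-end and the server never sees, and each member's client ignores any invite whose tag does not verify. All names here (`make_invite`, `MemberClient`, the message fields, the per-admin counter) are hypothetical, and the sample key and messages are constructed.

```python
import hashlib
import hmac
import json

def _mac(group_key, group_id, admin, new_member, counter):
    # Canonical encoding so sender and verifier MAC identical bytes.
    body = json.dumps([group_id, admin, new_member, counter]).encode()
    return hmac.new(group_key, body, hashlib.sha256).hexdigest()

def make_invite(group_key, group_id, admin, new_member, counter):
    """Admin's client: add-member message tagged under the group secret."""
    return {"group": group_id, "admin": admin, "add": new_member,
            "counter": counter,
            "tag": _mac(group_key, group_id, admin, new_member, counter)}

class MemberClient:
    """Existing member's client: updates its roster only for verified invites."""
    def __init__(self, group_key, group_id, admins):
        self.group_key, self.group_id = group_key, group_id
        self.admins = set(admins)
        self.members = set(admins)
        self.last_counter = {}  # highest counter accepted per admin (replay guard)

    def handle_add(self, msg):
        admin, counter = msg.get("admin"), msg.get("counter")
        if msg.get("group") != self.group_id or admin not in self.admins:
            return False
        if not isinstance(counter, int) or counter <= self.last_counter.get(admin, -1):
            return False  # replayed or reordered invite
        expected = _mac(self.group_key, self.group_id, admin, msg.get("add"), counter)
        if not hmac.compare_digest(expected.encode(), str(msg.get("tag", "")).encode()):
            return False  # server-made or tampered message: no valid tag
        self.last_counter[admin] = counter
        self.members.add(msg["add"])
        return True

def demo():
    # Constructed sample data; the key is assumed unknown to the server.
    key = b"constructed-group-secret-for-demo"
    bob = MemberClient(key, "g1", admins=["alice"])
    genuine = make_invite(key, "g1", "alice", "carol", counter=0)
    forged = {"group": "g1", "admin": "alice", "add": "mallory", "counter": 1, "tag": "00" * 32}
    tampered = dict(make_invite(key, "g1", "alice", "dave", counter=1), add="mallory")
    results = (bob.handle_add(genuine), bob.handle_add(forged),
               bob.handle_add(tampered), bob.handle_add(genuine))
    return results, sorted(bob.members)

if __name__ == "__main__":
    print(demo())
```

A shared-secret MAC lets any holder of the group key produce a valid invite, so tying an invite to one specific administrator would need a signature under that administrator's own key instead.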

Even the researchers who found this security loophole agree that the level of sophistication needed to compromise WhatsApp's servers makes such attacks on WhatsApp groups unlikely.

An attacker would have to take control of WhatsApp servers which means a sophisticated hacker, a WhatsApp staffer or a government with legal authority could gain access, even though end-to-end encryption is supposed to protect users from even these sorts of attacks.

The paper is now available online.

While the research indicates that it is possible for an infiltrator to add members to a group chat without members noticing by manipulating alerts, it's not guaranteed that doing so could be kept secret from the group's members.

Update: A WhatsApp spokesperson responded to BGR India saying, "We've looked at this issue carefully".

"When an administrator wishes to add a member to a group, it sends a message to the server identifying the group and the member to add. It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted", the spokesperson added.

This means if a government was to ask WhatsApp to reveal your private messages, it would be impossible.

"The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them", Paul Rösler, one of the researchers, told Wired.

Everyone in the group would see a message that a new member had joined, seemingly at the invitation of the unwitting administrator.

If you're a group admin, you can also go into the "Group Info" settings and kick specific users from your chat. But, as the researchers found, anyone in control of the server can spoof the authentication process, essentially granting themselves the privileges necessary to add new members who can snoop on private conversations. "However, this potential gap in security should serve as a reminder for businesses and users to keep a close eye on their encryption services and their cryptographic keys," he adds.
