Published: Thu, January 11, 2018
Technology | By Russell Knight

WhatsApp security loophole can add uninvited members to your groups

WhatsApp security loophole can add uninvited members to your groups

While the flaw is not likely to be a concern to the average WhatsApp user, it may be slightly more worrying to journalists and informants who use the platform because they believe it offers complete security and privacy.

The researchers detailed the findings at the Real World Crypto security conference in Zurich on Wednesday, according to Wired.

A team of crytopgraphers from Germany's Ruhr University Bochum say they have uncovered flaws in WhatsApp's security that could limit the benefits of the messaging service's vaunted end-to-end encryption in group chats.

"Everyone in the group would see a message that a new member had joined", he argued.

The design flaws "allows an attacker ... controlling some of the messages sent by the WhatsApp server, to become a member of the group or add other users to the group without any interaction of the other users", according to their research paper released earlier this month.

"He can cache all the message and then decide which get sent to whom and which not", Rosler said.

Trump 'Unlikely' to Meet Mueller, Backpedals on Previous Commitment
Trump denied any collusion on his campaign's part but instead accused Democrats of colluding with Russian Federation . Trump's lawyers have previously stated their determination to cooperate with Mueller's requests.

To rectify this bug in the security system, researchers suggested that WhatsApp could introduce a secret key as a way of verifying group invites.

Even the researchers who have come up with this security loophole agree to the fact that the level of sophistication needed to compromise the servers of WhatsApp makes such attacks on WhatsApp groups unlikely.

An attacker would have to take control of WhatsApp servers which means a sophisticated hacker, a WhatsApp staffer or a government with legal authority could gain access, even though end-to-end encryption is supposed to protect users from even these sorts of attacks.

The paper is now available online.

While the research indicates that it is possible for an infiltrator to add members to a group chat without members noticing by manipulating alerts, it's not guaranteed that doing so could be kept secret from the group's members.

Update: A WhatsApp spokesperson responded to BGR India saying, "We've looked at this issue carefully".

Buffett on cryptocurrencies: 'They will come to a bad ending'
Meanwhile, Jain, who's now executive vice president of National Indemnity, will be vice chairman of insurance operations. The conglomerate also holds major investments in companies such as Coca-Cola, Wells Fargo, American Express and Apple.

"When an administrator wishes to add a member to a group, it sends a message to the server identifying the group and the member to add. It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted", the spokesperson added.

This means if a government was to ask WhatsApp to reveal your private messages, it would be impossible.

"The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them", Paul Rösler, one of the researchers told Wired.

Everyone in the group would see a message that a new member had joined, seemingly at the invitation of the unwitting administrator.

If you're a group admin, you can also go into the "Group Info" settings and kick specific users from your chat. But, as the researchers found, anyone in control of the server can spoof the authentication process, essentially granting themselves the privileges necessary to add new members who can snoop on private conversations. However, this potential gap in security should serve as a reminder for businesses and users to keep a close eye on their encryption services and their cryptographic keys, ' he adds.

USA ready to talk to N. Korea at right time: Seoul
But Mr Moon said a two-track approach of engagement with pressure would bring about a virtuous circle. Moon's government wants North Korea to take part in the Games as a way to improve relations.

Like this: