Published: Thu, January 11, 2018
Technology | By Russell Knight

WhatsApp security loophole can add uninvited members to your groups

While the flaw is not likely to be a concern to the average WhatsApp user, it may be slightly more worrying to journalists and informants who use the platform because they believe it offers complete security and privacy.

The researchers detailed the findings at the Real World Crypto security conference in Zurich on Wednesday, according to Wired.

A team of cryptographers from Germany's Ruhr University Bochum say they have uncovered flaws in WhatsApp's security that could limit the benefits of the messaging service's vaunted end-to-end encryption in group chats.

"Everyone in the group would see a message that a new member had joined", he argued.

The design flaws "allows an attacker ... controlling some of the messages sent by the WhatsApp server, to become a member of the group or add other users to the group without any interaction of the other users", according to their research paper released earlier this month.

"He can cache all the message and then decide which get sent to whom and which not", Rosler said.

To rectify this bug in the security system, researchers suggested that WhatsApp could introduce a secret key as a way of verifying group invites.
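One way the "secret key" mitigation suggested above could work, as an added sketch that is not from the article, the researchers' paper or WhatsApp: each member checks an HMAC, computed under a key the server never sees, before accepting an add-member message. The message fields, the `Member` class and the replay counter are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os

def sign_invite(group_key, group_id, admin, new_member, counter):
    """Admin side: build an add-member message authenticated with the group key."""
    body = {"group": group_id, "admin": admin, "add": new_member, "ctr": counter}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(group_key, payload, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class Member:
    """Client-side state a member keeps to validate membership changes (hypothetical)."""
    def __init__(self, group_key, group_id, admins):
        self.group_key = group_key      # shared among members, never sent to the server
        self.group_id = group_id
        self.admins = set(admins)
        self.last_ctr = 0               # highest counter accepted so far
        self.roster = set()

    def accept_invite(self, msg):
        body = msg.get("body", {})
        payload = json.dumps(body, sort_keys=True).encode()
        expected = hmac.new(self.group_key, payload, hashlib.sha256).hexdigest()
        # Constant-time comparison; a message built without the key fails here.
        if not hmac.compare_digest(expected.encode(), str(msg.get("tag", "")).encode()):
            return False
        if body.get("group") != self.group_id or body.get("admin") not in self.admins:
            return False
        # Reject replays of an old, genuinely authenticated invite.
        if not isinstance(body.get("ctr"), int) or body["ctr"] <= self.last_ctr:
            return False
        self.last_ctr = body["ctr"]
        self.roster.add(body.get("add"))
        return True

def demo():
    key = os.urandom(32)                # constructed sample key
    alice = Member(key, "g1", admins={"admin"})
    genuine = sign_invite(key, "g1", "admin", "bob", 1)
    # Constructed server-forged message: correct fields, but no knowledge of the key.
    forged = {"body": {"group": "g1", "admin": "admin", "add": "mallory", "ctr": 2},
              "tag": "00" * 32}
    return alice.accept_invite(genuine), alice.accept_invite(forged), alice.accept_invite(genuine)
```

A key shared by the whole group only keeps the server out; any member holding it could still produce a valid invite, so binding the message to the administrator specifically would need a per-admin signature instead.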

Even the researchers who identified this security loophole agree that the level of sophistication needed to compromise WhatsApp's servers makes such attacks on WhatsApp groups unlikely.

An attacker would have to take control of WhatsApp servers, which means a sophisticated hacker, a WhatsApp staffer or a government with legal authority could gain access, even though end-to-end encryption is supposed to protect users from even these sorts of attacks.

The paper is now available online.

While the research indicates that it is possible for an infiltrator to add members to a group chat without members noticing by manipulating alerts, it's not guaranteed that doing so could be kept secret from the group's members.

Update: A WhatsApp spokesperson responded to BGR India saying, "We've looked at this issue carefully".

"When an administrator wishes to add a member to a group, it sends a message to the server identifying the group and the member to add. It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted", the spokesperson added.

This means that if a government were to ask WhatsApp to reveal your private messages, it would be impossible.

"The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them", Paul Rösler, one of the researchers, told Wired.

Everyone in the group would see a message that a new member had joined, seemingly at the invitation of the unwitting administrator.

If you're a group admin, you can also go into the "Group Info" settings and kick specific users from your chat. But, as the researchers found, anyone in control of the server can spoof the authentication process, essentially granting themselves the privileges necessary to add new members who can snoop on private conversations. However, this potential gap in security should serve as a reminder for businesses and users to keep a close eye on their encryption services and their cryptographic keys,' he adds.
