Published: Thu, January 11, 2018
Hi-Tech | By Cory Rios

WhatsApp security loophole can add uninvited members to your groups

WhatsApp security loophole can add uninvited members to your groups

Or course, there is a possibility that hackers could gain control of WhatsApp servers, but this is somewhat unlikely.

It's not a problem that will impact most users, but chat apps like Signal and WhatsApp have been used for private conversations from everyone ranging from politicians to government dissenters. A report from Wired says that a group of researchers from the Ruhr University Bochum in Germany discovered a major flaw in WhatsApp group chat mechanism.

WhatsApp has a serious security flaw which allows attackers and government agents to insert themselves into a group conversation.

Group chat app Signal was found to have the same problem as WhatsApp, but as well as controlling the server the attacker also needs to know the chat's Group ID - which is nearly impossible to know without having physical access to one of the phones in the message thread.

In a statement to IANS on Thursday, a WhatsApp spokesperson said: "We've looked at this issue carefully".

Yesterday, we reported that FBI Director Christopher Wray asked messaging apps and social media companies to create encryption backdoors exclusively for authorities so that they could nab criminals and deter crimes without compromising the security of the public at large.

German cryptographers have found a way to infiltrate WhatsApp's group chats despite its end-to-end encryption.

More news: Dimon Backpedals on Bitcoin

While the research indicates that it is possible for an infiltrator to add members to a group chat without members noticing by manipulating alerts, it's not guaranteed that doing so could be kept secret from the group's members. Someone with control of WhatsApp's servers can add a new person to a group without administrator even knowing, is what the researchers claim. All group members are deemed administrators, and can thus add a new group member by sending an encrypted group management message to the other participants.

Speaking to Wired, one of the researchers said: "The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them".

The newly published paper claims that anyone who has control of the WhatsApp services including the employees of the company can covertly add the members to any WhatsApp group. However, this potential gap in security should serve as a reminder for businesses and users to keep a close eye on their encryption services and their cryptographic keys, ' he adds.

In May 2016, Facebook-owned-WhatsApp had introduced the end-to-end encryption for its users across the globe.

Facebook's Chief Security Officer Alex Stamos in a Twitter thread said that it was impossible for anyone to infiltrate WhatsApp's private groups.

"WhatsApp is built so group messages can not be send to hidden users and provides multiple ways for users to confirm who receives a message prior to it being sent".

"The phone of every participant in the group then automatically shares secret keys with that new member, giving him or her full access to any future messages", the report added. This does not mean that the remaining members of the group won't know that a new one has joined.

Like this: