WhatsApp security flaw could allow anyone to enter group chats despite end-to-end encryption



German researchers have found a flaw that lets someone infiltrate any WhatsApp group chat despite end-to-end encryption. Wired reports that the flaws in WhatsApp's security were discovered at the Real World Crypto security conference in Switzerland. Anyone with control of the app's servers could insert new people into private group chats without needing admin permission.

Once the new person enters the group, the phone of every person in that group chat will automatically share secret keys with the newcomer, giving them full access to all future messages, but not past ones. The addition of the new member will look as if it was done with the admin's consent. “The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them,” one of the researchers told Wired.
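A toy model of the behaviour described above, as an added example that is not WhatsApp's code and is not taken from the researchers' work: a client that trusts the server's membership notices is compared with one that requires each addition to be authenticated by the admin. The `Member` class, the `tag` helper, the message layout and the use of an HMAC under a pairwise end-to-end key are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


def tag(pair_key: bytes, group_id: str, new_member: str) -> bytes:
    """Admin's authenticator over one membership change.

    Keyed with the pairwise end-to-end key shared by the admin and one
    member (assumed model: the server never holds this key).
    """
    msg = f"add|{group_id}|{new_member}".encode()
    return hmac.new(pair_key, msg, hashlib.sha256).digest()


class Member:
    """Hypothetical group-chat client holding a roster of key recipients."""

    def __init__(self, name: str, admin_pair_key: bytes, verify_admin: bool):
        self.name = name
        self.admin_pair_key = admin_pair_key
        self.verify_admin = verify_admin
        self.roster = set()  # everyone this client will share group keys with

    def on_add(self, group_id: str, new_member: str, auth: bytes = b"") -> bool:
        """Handle an 'admin added X' notice relayed by the server."""
        if self.verify_admin:
            expected = tag(self.admin_pair_key, group_id, new_member)
            if not hmac.compare_digest(auth, expected):
                return False  # unauthenticated change: share no keys
        self.roster.add(new_member)  # future messages now reach new_member
        return True


def simulate(verify_admin: bool):
    """Return (genuine add accepted, server-originated add accepted, roster)."""
    key = os.urandom(32)  # constructed pairwise key, admin <-> bob
    bob = Member("bob", key, verify_admin)
    genuine = bob.on_add("g1", "carol", tag(key, "g1", "carol"))
    # The server does not know `key`, so it can only attach a guessed tag.
    injected = bob.on_add("g1", "uninvited", os.urandom(32))
    return genuine, injected, sorted(bob.roster)


if __name__ == "__main__":
    print("server-trusting client:", simulate(verify_admin=False))
    print("admin-verifying client:", simulate(verify_admin=True))
```

In the first run the uninvited member ends up on the roster and would receive keys for future messages; in the second the unauthenticated notice is dropped and the roster contains only the member the admin actually added.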

On the flip side, WhatsApp's owner Facebook appears unconcerned, given that it isn't easy to gain access to the WhatsApp servers, which can only be controlled by staff, governments that legally demand access, and high-level hackers. The company's Chief Security Officer Alex Stamos responded to the report on Twitter, saying, “Read the Wired article today about WhatsApp scary headline! But there is no [sic] a secret way into WhatsApp groups chats.”


He further added that every member of the group is notified and can see who joins a chat. Moxie Marlinspike, a security researcher who developed the Signal protocol, which is licensed to WhatsApp, opined that the current WhatsApp design is reasonable and that the report sends others the message not to build security into their products, since doing so will make them a target.
