Researchers claim WhatsApp group chats vulnerable, company denies

The report, however, did not document any threat to the way end-to-end encryption protects the content of messages sent on WhatsApp.

Indo-Asian News Service
New Delhi, Publish Date: Jan 11 2018 2:22PM | Updated Date: Jan 11 2018 2:22PM
Researchers claim WhatsApp group chats vulnerable, company deniesRepresentational Image

After German cryptographers reported flaws that makes it possible to infiltrate WhatsApp's private group chats without admin permission, the Facebook-owned messaging platform said on Thursday its end-to-end encryption is impeccable and its over one billion users are at no data breach risk.

According to a report in Wired.com, cryptographers from Ruhr University Bochum in Germany told a gathering at the "Real World Crypto Security Conference" in Zurich on Wednesday that "anyone who controls the app's servers could insert new people into private group chats without needing admin permission.

"The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them," Paul Rosler, one of the Ruhr University researchers, was quoted as saying.

The report, however, did not document any threat to the way end-to-end encryption protects the content of messages sent on WhatsApp.

Reacting to the report, Facebook Chief Security Officer Alex Stamos tweeted: "Read the Wired article about WhatsApp -- scary headline! But there is no secret way into WhatsApp groups chats. The article makes a few key points."

In a statement to IANS on Thursday, a WhatsApp spokesperson said: "We've looked at this issue carefully. Existing members are notified when new people are added to a WhatsApp group. We built WhatsApp so group messages cannot be sent to a hidden user. 

"The privacy and security of our users is incredibly important to WhatsApp. It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted," the spokesperson added.

According to the report, the attack on WhatsApp group chats takes advantage of a bug.

"Only an administrator of a WhatsApp group can invite new members, but WhatsApp doesn't use any authentication mechanism for that invitation that its own servers can't spoof," the report said.

So the server can simply add a new member to a group with no interaction on the part of the administrator.

"The phone of every participant in the group then automatically shares secret keys with that new member, giving him or her full access to any future messages," the report added.

WhatsApp provides users with multiple ways of confirming who will receive a message prior to it being sent.

In every WhatsApp group, users see a special blue message when someone joins or leaves a group. 

The membership of a group can be seen by tapping on "group info". 

For additional security, users can easily verify the security code of other group members.

With over 1.2 billion monthly active users, WhatsApp is available in more than 50 different languages around the world and in 10 Indian languages.

Facebook-owned WhatsApp added end-to-end encryption to every conversation two years ago.

WhatsApp is also testing a feature where it will likely give group administrators more powers where they will be able to restrict all other members from sending text messages, photographs, videos, GIFs, documents or voice messages in case the admin thinks so.

According to WABetaInfo, a fan site that tests new WhatsApp features early, the popular mobile messaging platform has submitted the "Restricted Groups" setting via Google Play Beta Programme in the version 2.17.430.

Once restricted, other members will simply have to read their messages and will not be able to respond. They will have to use the "Message Admin" button to post a message or share media to the group.

Latest News

  1. Floral tribute paid to four policemen killed in Shopian militant attack
  2. Floral tribute paid to four policemen killed in Shopian militant attack
  1. 39 per cent voting recorded in final phase of Kashmir panchayat polls
  2. 39 per cent voting recorded in final phase of Kashmir panchayat polls
  1. Sachin Pilot: the pilot who helped drive Cong to victory in Rajasthan
  2. Sachin Pilot: the pilot who helped drive Cong to victory in Rajasthan
  1. Body of missing driver recovered in Rajouri
  2. Body of missing driver recovered in Rajouri
  1. Omar Abdullah condemns killing of cops in south Kashmir’s Shopian
  2. Omar Abdullah condemns killing of cops in south Kashmir’s Shopian
  1. Four cops killed after militants attack police post in south Kashmir’s Shopian
  2. Four cops killed after militants attack police post in south Kashmir’s Shopian
  1. 1984 riots: Delhi HC seeks police response to convict's plea
  2. 1984 riots: Delhi HC seeks police response to convict's plea
  1. Policeman critically injured in Shopian attack succumbs
  2. Policeman critically injured in Shopian attack succumbs
  1. Traffic resumes on Jammu-Srinagar highway
  2. Traffic resumes on Jammu-Srinagar highway
  1. Jaish claims Shopian attack that left four cops dead
  2. Jaish claims Shopian attack that left four cops dead
  1. BJP headquarters in Delhi look deserted, Congress workers celebrate at theirs
  2. BJP headquarters in Delhi look deserted, Congress workers celebrate at theirs
  1. PDP hits back at Karan Singh, says ‘we risked political interests to safeguard secular fabric of JK’
  2. PDP hits back at Karan Singh, says ‘we risked political interests to safeguard secular fabric of JK’
  1. India's role crucial for Afghan peace: Qureshi
  2. India's role crucial for Afghan peace: Qureshi
  1. Congress bags Chhattisgarh, TRS sweeps Telangana, suspense in MP
  2. Congress bags Chhattisgarh, TRS sweeps Telangana, suspense in MP
  1. CRPF bunker removed from Amira Kadal after three decades, locals heave a sigh of relief
  2. CRPF bunker removed from Amira Kadal after three decades, locals heave a sigh of relief
  1. Night temperature dips across Kashmir following rain and snow
  2. Night temperature dips across Kashmir following rain and snow
  1. Law exam question on Muslim man killing cow triggers row, Delhi govt orders inquiry
  2. Law exam question on Muslim man killing cow triggers row, Delhi govt orders inquiry
  1. National interest must prevail over party: Modi
  2. National interest must prevail over party: Modi
  1. Suicide bomber kills four security personnel near Afghan capital
  2. Suicide bomber kills four security personnel near Afghan capital
  1. Panchayat polls phase 9: Less than one per cent polling till 10 am in Pulwama
  2. Panchayat polls phase 9: Less than one per cent polling till 10 am in Pulwama
  1. Polls were fought on state govts' performance: Rajnath
  2. Polls were fought on state govts' performance: Rajnath
  1. Forces lay siege to Sopore village in north Kashmir
  2. Forces lay siege to Sopore village in north Kashmir
  1. Names, identities of victims of rape and sexual assault not to be disclosed: SC
  2. Names, identities of victims of rape and sexual assault not to be disclosed: SC
  1. Urjit Patel's resignation signals dangerous trend: AIBEA
  2. Urjit Patel's resignation signals dangerous trend: AIBEA
  1. Congress set for landslide win in Chhattisgarh
  2. Congress set for landslide win in Chhattisgarh
  1. Hajin shuts on third straight day to mourn militant killings
  2. Hajin shuts on third straight day to mourn militant killings
  1. Three non-local workers die of asphyxiation in south Kashmir's Kulgam
  2. Three non-local workers die of asphyxiation in south Kashmir's Kulgam
  1. Congress leads in three BJP-ruled states, TRS in Telangana
  2. Congress leads in three BJP-ruled states, TRS in Telangana
  1. Kulgam house owner found dead 46 days after his abduction
  2. Kulgam house owner found dead 46 days after his abduction
  1. Polling underway for final phase of panchayat polls in Jammu and Kashmir
  2. Polling underway for final phase of panchayat polls in Jammu and Kashmir
x
This site uses cookies to deliver our services and to show you relevant news and ads. By using our site, you acknowledge that you have read and understand our Cookie Policy, Privacy Policy, and our Terms of Service.That's Fine