German security researchers say WhatsApp group chats not secure

German security researchers say WhatsApp group chats not secure

German security researchers say WhatsApp group chats not secure

WhatsApp group chats are hackable and any new member can read the group chats, German Cryptographers have found in a research.

Researchers from the Ruhr University Bochum analyzed flaws in three encryption chat apps: WhatsApp, Signal and Threema.

On the surface level, WhatsApp, which is owned by Facebook, looks to have a pretty big security flaw. "But there is no [sic] a secret way into WhatsApp groups chats", he tweeted. "If I hear there's end-to-end encryption for both groups and two-party communications, that means adding of new members should be protected against".

It is common for existing members to be alerted when new members are added to the WhatsApp group.

That report stated that the researchers had found flaws in WhatsApp, to make infiltrating the app's group chats much easier than ought to be possible. Only an administrator of a WhatsApp group can invite new members, but WhatsApp doesn't use any authentication mechanism for that invitation that its own servers can't spoof. Interestingly, the compromised admin or a malicious employee with access to the server could manipulate alerts to not other group members any notification of a new person joining them.

Congress Just Gave Trump Admin Authorization To Spy On Citizens
Ron Wyden , D-Ore., a member of the Senate Intelligence Committee, said Wednesday in an op-ed. The White House supported the bill passed by the House on Thursday.

H&M pulls 'racist' hoodie and apologises after online ad backlash
The Weeknd has vowed he will never work with H&M bosses again after the launch of an ill-advised new ad that appears to poke fun at racism.

Cubs will benefit from Pirates trading Gerrit Cole to Astros
The Astros would hope that Cole bounces back to his form from 2013-2016 when he had a 3.23 ERA over 579 1/3 innings of work. The Houston Astros have agreed to a deal for Pittsburgh Pirates ace Gerrit Cole , according to Jon Morosi of MLB Network .

According to the team, anyone with access to WhatsApp's servers could easily insert new people into a private group without needing the permission of the administrator.

Facebook's Chief Security Officer Alex Stamos responded to the report on Twitter, saying, "Read the Wired article today about WhatsApp - scary headline!" With over 1.2 billion monthly active users, WhatsApp is available in more than 50 different languages around the world and in 10 Indian languages. Once an attacker with server control accessed the conversation, he or she could also use it to selectively block any messages in the group, including those that ask questions, or provide warnings about the new entrant. "The main exception to this is former group members, who already know the group ID - and can now add themselves back to the group with impunity".

New additions to the group chat would be notified to all members of the chat just like normal. But many attacks on encrypted systems don't break the encryption - they bypass it as the processes around the encrypted data are usually far weaker than even bad encryption. All group members will see that the attacker has joined.

The main problem is this: end-to-end encryption, which all of these messaging apps purport to offer, should not depend on uncompromised servers.

According to WABetaInfo, a fan site that tests new WhatsApp features early, the popular mobile messaging platform has submitted the "Restricted Groups" setting via Google Play Beta Programme in the version 2.17.430. "It could even prevent any administrator's attempt to remove the eavesdropper from the group if discovered", Rösler said.

Related news

[an error occurred while processing the directive]