ibusinesslines.com September 25, 2018

WhatsApp security flaw allows people to snoop on your group chats

11 January 2018, 03:28 | Jodi Jackson

The flaw here is obvious: since the group management messages are not signed by the administrator, a malicious WhatsApp server can add any user it wants into the group.
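The missing check, sketched as an added example (not WhatsApp's code and not taken from the researchers' paper): a client that applies whatever group update the server relays, next to one that requires the update to be authenticated by the administrator. An HMAC under a key the administrator shares end to end with members stands in for the administrator's signature; the message fields, the `GroupState` class and the key are assumptions made for illustration.

```python
import hashlib, hmac, json

FIELDS = ("group", "seq", "action", "actor", "target")
ADMIN_KEY = b"constructed-demo-key"  # constructed; assumed unknown to the server

def canonical(update):  # stable serialization of the fields the tag covers
    return json.dumps({k: update.get(k) for k in FIELDS}, sort_keys=True).encode()

def authenticate(update, key):
    """Admin side: tag the update with a key the server never sees."""
    tag = hmac.new(key, canonical(update), hashlib.sha256).hexdigest()
    return {**update, "tag": tag}

class GroupState:
    def __init__(self, group, admin_keys, members):
        self.group, self.admin_keys = group, admin_keys  # admin id -> key
        self.members, self.last_seq = set(members), 0

    def _apply(self, update):
        op = self.members.add if update["action"] == "add" else self.members.discard
        op(update["target"])

    def apply_unchecked(self, update):
        """Behaviour the article describes: trust whatever the server relays."""
        self._apply(update)
        return True

    def apply_verified(self, update):
        """Apply only updates authenticated by a known admin of this group."""
        key = self.admin_keys.get(update.get("actor"))
        if key is None or update.get("group") != self.group:
            return False
        if not isinstance(update.get("seq"), int) or update["seq"] <= self.last_seq:
            return False  # replayed or stale update
        expected = hmac.new(key, canonical(update), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(update.get("tag", ""))):
            return False  # missing or wrong tag: server-originated or tampered
        self.last_seq = update["seq"]
        self._apply(update)
        return True

def demo():
    base = {"group": "g1", "seq": 1, "action": "add", "actor": "alice"}
    forged = {**base, "target": "mallory"}  # constructed: names the admin, carries no tag
    genuine = authenticate({**base, "target": "carol"}, ADMIN_KEY)
    naive = GroupState("g1", {"alice": ADMIN_KEY}, {"alice", "bob"})
    strict = GroupState("g1", {"alice": ADMIN_KEY}, {"alice", "bob"})
    naive.apply_unchecked(forged)
    results = tuple(strict.apply_verified(u) for u in (forged, genuine, genuine))
    return naive.members, strict.members, results
```

The verifying client rejects the untagged update and a replay of the genuine one, so only the member the administrator actually added ends up in its roster.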

In their paper, titled "More is Less: On the End-to-End security of group chats in Signal, WhatsApp and Threema", the researchers outline a series of flaws that allow an impostor to invade your group chats or, worse yet, control who gets added to or deleted from the group.

According to the researchers, once an attacker with control of the WhatsApp server had access to the conversation, he or she could also use the server to selectively block any messages in the group. The WhatsApp servers can only be controlled by staff, governments who legally demand access, and high-level hackers.

That's why it's so surprising that researchers have discovered a significant security flaw: anyone in control of a WhatsApp server can add people to a private group with minimal effort, as reported by Wired. This is possible without the group administrator's permission, according to the researchers.

Speaking to Wired, one of the researchers said: "The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them". In the meantime, a team of cryptographers from Germany claims to have uncovered flaws in the security of WhatsApp. "Thereby it can cache sent messages to the group, read their content first and decide in which order they are delivered to the members", the research states. End-to-end security protection doesn't mean nearly as much when someone at the company can simply drop a new person into a private chat anytime they want.

This is a big problem, because WhatsApp prides itself on end-to-end encryption for its messages.

It is common for existing members to be alerted when new members are added to the WhatsApp group.

Facebook's Chief Security Officer Alex Stamos responded to the report on Twitter, saying, "Read the Wired article today about WhatsApp - scary headline!" But, as the researchers found, anyone in control of the server can spoof the authentication process, essentially granting themselves the privileges necessary to add new members who can snoop on private conversations.

In January of last year, the Guardian newspaper reported that WhatsApp was vulnerable to interception, sparking concern over the app that marketed itself as a privacy leader.

Everyone in the group would see a message that a new member had joined, seemingly at the invitation of the unwitting administrator.

For additional security, users can easily verify the security code of other group members.

Open Whisper Systems, the creators of Signal, told Wired that they are now redesigning how Signal handles group messaging, but did not share any more than that.

But, as it turns out, the Signal protocol does not check whether the message was sent by an actual member of the group, meaning that anyone outside the group can send the message and, consequently, add a new user to the group.
