ibusinesslines.com March 18, 2018

WhatsApp security flaw allows people to snoop on your group chats

11 January 2018, 03:28 | Jodi Jackson

WhatsApp Security Flaw Lets Hackers Enter Any Group Unnoticed

Creepy hackers could secretly eavesdrop on your private WhatsApp group chats, experts claim

The flaw here is obvious: since the group management messages are not signed by the administrator, a malicious WhatsApp server can add any user it wants into the group.

In their paper titled More is Less: On the End-to-End security of group chats in Signal, WhatsApp and Threema, the researchers outline a series of flaws that allow an impostor to invade your group chats or, worse yet, control who gets added to or removed from the group.

According to the researchers, once an attacker with control of the WhatsApp server had access to the conversation, he or she could also use the server to selectively block any messages in the group. The WhatsApp servers can only be controlled by staff, governments who legally demand access, and high-level hackers.

That's why it's so surprising that researchers have discovered a significant security flaw: anyone in control of a WhatsApp server can add people to a private group with minimal effort, as reported by Wired. This is possible without the group administrator's permission, according to the researchers.

Speaking to Wired, one of the researchers said: "The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them". In the meantime, a team of cryptographers from Germany claims to have uncovered flaws in the security of WhatsApp. "Thereby it can cache sent messages to the group, read their content first and decide in which order they are delivered to the members", the research states. End-to-end security protection doesn't mean nearly as much when someone at the company can simply drop a new person into a private chat anytime they want.

This is a big problem, because WhatsApp prides itself on end-to-end encryption for its messages.

It is common for existing members to be alerted when new members are added to the WhatsApp group.

Facebook's Chief Security Officer Alex Stamos responded to the report on Twitter, saying, "Read the Wired article today about WhatsApp - scary headline!" But, as the researchers found, anyone in control of the server can spoof the authentication process, essentially granting themselves the privileges necessary to add new members who can snoop on private conversations.

In January last year, the Guardian newspaper reported that WhatsApp was vulnerable to interception, sparking concern over the app that marketed itself as a privacy leader.

Everyone in the group would see a message that a new member had joined, seemingly at the invitation of the unwitting administrator.

For additional security, users can easily verify the security code of other group members.

Open Whisper Systems, the creators of Signal, told Wired that they are now redesigning how Signal handles group messaging, but did not share any more than that.

But, as it turns out, the Signal protocol does not check whether a group management message was sent by an actual member of the group, meaning that anyone outside the group can send such a message and, consequently, add a new user to the group.
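The check whose absence is described above for both WhatsApp (unsigned group management messages) and Signal (no check on who sent them), as an added example that is not code from either app or from the researchers' paper: a member's client applies a group-add only if it is authenticated end-to-end as coming from a group administrator. The `GroupView` model, message fields and keys are hypothetical, and an HMAC under a pairwise key stands in for the administrator's signature.

```python
import hashlib
import hmac
import json

def tag(pairwise_key, body):
    """MAC over a canonical encoding of a group management message."""
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(pairwise_key, data, hashlib.sha256).hexdigest()

class GroupView:
    """One member's local view of a group (hypothetical model)."""
    def __init__(self, group_id, admins, members, pairwise_keys):
        self.group_id, self.admins, self.members = group_id, set(admins), set(members)
        self.keys = pairwise_keys  # peer id -> key shared end-to-end with that peer
        self.seen = set()          # nonces already applied (replay protection)

    def apply_unauthenticated(self, msg):
        # Behaviour the article describes: trust whatever the server relays.
        self.members.add(msg["body"]["add"])
        return True

    def apply_verified(self, msg):
        body = msg["body"]
        key = self.keys.get(body.get("sender"))
        if body.get("group") != self.group_id or body.get("sender") not in self.admins:
            return False  # wrong group, or sender is not an administrator
        if key is None or not hmac.compare_digest(tag(key, body), msg.get("tag", "")):
            return False  # not authenticated end-to-end by that administrator
        if body.get("nonce") in self.seen:
            return False  # replayed by the server
        self.seen.add(body["nonce"])
        self.members.add(body["add"])
        return True

def demo():
    key = b"constructed-key-alice-bob"  # constructed sample value
    new_view = lambda: GroupView("g1", {"alice"}, {"alice", "bob"}, {"alice": key})
    body = {"group": "g1", "sender": "alice", "add": "carol", "nonce": "n1"}
    genuine = {"body": body, "tag": tag(key, body)}
    forged = {"body": dict(body, add="mallory", nonce="n2"), "tag": tag(b"server", body)}
    outsider = {"body": dict(body, sender="mallory", add="eve"), "tag": ""}
    legacy, strict = new_view(), new_view()
    return {
        "legacy_forged": legacy.apply_unauthenticated(forged),
        "genuine": strict.apply_verified(genuine),
        "replay": strict.apply_verified(genuine),
        "forged": strict.apply_verified(forged),
        "outsider": strict.apply_verified(outsider),
        "members": sorted(strict.members),
    }
```
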
