According to the researchers, once an attacker with control of the WhatsApp server had access to the conversation, he or she could also use the server to selectively block any messages in the group. The WhatsApp servers can only be controlled by staff, governments who legally demand access, and high-level hackers.
That's why it's so surprising that researchers have discovered a significant security flaw: Anyone in control of a Whatsapp server can add people to a private group with minimal effort, as reported by Wired. This will be possible without needing the group administrator's permission, according to the researchers.
Speaking to Wired, one of the researchers said: "The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them". In the meantime, a team of cryptographers from Germany claims to have uncovered flaws in the security of WhatsApp. "Thereby it can cache sent messages to the group, read their content first and decide in which order they are delivered to the members", the research states. End-to-end security protection doesn't mean almost as much when someone at the company can simply drop a new person into a private chat anytime they want.
Facebook's Chief Security Officer Alex Stamos responded to the report on Twitter, saying, "Read the Wired article today about WhatsApp - scary headline!" But, as the researchers found, anyone in control of the server can spoof the authentication process, essentially granting themselves the privileges necessary to add new members who can snoop on private conversations.
In January past year, the Guardian newspaper reported that WhatsApp was vulnerable to interception, sparking concern over the app that marketed itself as a privacy leader.
Everyone in the group would see a message that a new member had joined, seemingly at the invitation of the unwitting administrator.
For additional security, users can easily verify the security code of other group members.
Open Whisper Systems, the creators of Signal, told Wired that they are now redesigning how Signal handles group messaging, but did not share any more than that.
But, as it turns out, the Signal protocol does not check whether the message was sent by an actual member of the group, meaning that anyone outside the group can send the message and, consequently, add a new user to the group.
Health Dept. confirms flu death
Public Health and the Centers for Disease Control and Prevention recommend that everyone six months old and older get a flu shot. According to USA officials, the flu vaccine is still the best way to safeguard your immune system against influenza.
Toyota, Mazda plan to build factory in Alabama
It produces most of the cars and trucks it sells in the U.S.at those US plants and exports some of those cars to other markets. In addition to the existing Toyota engine plant it has plants for Hyundai, Honda and Mercedes-Benz.