According to the researchers, once an attacker with control of the WhatsApp server had access to the conversation, he or she could also use the server to selectively block any messages in the group. The WhatsApp servers can only be controlled by staff, governments who legally demand access, and high-level hackers.
That's why it's so surprising that researchers have discovered a significant security flaw: Anyone in control of a Whatsapp server can add people to a private group with minimal effort, as reported by Wired. This will be possible without needing the group administrator's permission, according to the researchers.
Speaking to Wired, one of the researchers said: "The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them". In the meantime, a team of cryptographers from Germany claims to have uncovered flaws in the security of WhatsApp. "Thereby it can cache sent messages to the group, read their content first and decide in which order they are delivered to the members", the research states. End-to-end security protection doesn't mean almost as much when someone at the company can simply drop a new person into a private chat anytime they want.
Facebook's Chief Security Officer Alex Stamos responded to the report on Twitter, saying, "Read the Wired article today about WhatsApp - scary headline!" But, as the researchers found, anyone in control of the server can spoof the authentication process, essentially granting themselves the privileges necessary to add new members who can snoop on private conversations.
In January past year, the Guardian newspaper reported that WhatsApp was vulnerable to interception, sparking concern over the app that marketed itself as a privacy leader.
Everyone in the group would see a message that a new member had joined, seemingly at the invitation of the unwitting administrator.
For additional security, users can easily verify the security code of other group members.
Open Whisper Systems, the creators of Signal, told Wired that they are now redesigning how Signal handles group messaging, but did not share any more than that.
But, as it turns out, the Signal protocol does not check whether the message was sent by an actual member of the group, meaning that anyone outside the group can send the message and, consequently, add a new user to the group.
Sevilla, United in ticket war
Sevilla have threatened to report Manchester United to UEFA as part of the furious ticket row between the Champions League rivals. In an email to ticket holders for that game, Manchester United explained they would be refunding to them 35 pounds.
Jimmy Iovine Disputes Rumors He's Leaving Apple
Last week, a report emerged claiming that Apple Music's Jimmy Iovine was planning to depart the company come August . Iovine, if you recall, joined the Cupertino-based company in mid-2014 alongside music producer and rapper Dr.
The right to vote -- or not vote -- divides Supreme Court
Under the policy, such registration is deleted if the person goes six years without either voting or ing state voting officials. He said many of those dropped from the rolls first learn they're not registered when they show up to vote and are turned away.
Seahawks fire OC Darrell Bevell
Bevell has been calling the plays for the Seahawks offense all throughout Russell Wilson and Doug Baldwin's impressive careers. Head coach Pete Carroll tried to take the heat for the call, but much of the blame was still put on Bevell's shoulders.
Ikea Asks You to Pee on Its New Ad
It includes a pregnancy test strip on the bottom for urinating on, not unlike a pregnancy test from a local drug store. Technical advancements made during the work with this campaign have the potential to improve medical diagnostics'.