WhatsApp flaws could allow uninvited guests into group chats

Adjust Comment Print

Paul Rösler, Christian Mainka, and Jörg Schwenk analyzed the three widely used protocols and their implementations, and found that if someone - e.g., nation-state backed hackers (illegally), or law enforcement or intelligence agencies (legally) - gains control of WhatsApp's servers, they could easily insert a new member in a private group without the permission of the group's administrator (s).

WhatsApp Messenger, which has made our lives easier and connected people like never before seems to be making headlines yet again. The chat app claims that all its messages are end-to-end encrypted and only the intended readers can read them.

A team from the Ruhr University Bochum in Germany say there is a way for anyone with control of a WhatsApp server-such as a company employee or sophisticated hacker-to undermine the platform's encryption by secretly adding members to any group.

According to WABetaInfo, a fan site that tests new WhatsApp features early, the new option, present in the Group Info section as "Dismiss as admin", allows an administrator to dismiss another one without removing him or her from the group.

The issue is that WhatsApp does not use any authentication mechanism for an invite sent out by a group administrator.

Jio effect: Airtel Rs
And as far as pricing is concerned, Jio offers the plan at the cheapest price against its two older rivals of Airtel and Voadone. There are no extra charges for calls made in roaming and no restriction on calls (daily or weekly free calling minutes).

This means that an attacker can add someone to a conversation and read all future messages sent in the chat (past messages are still hidden). The privacy and security of our users is incredibly important to WhatsApp. "And if not, the value of encryption is very little", he added.

It is not the first serious vulnerability that researchers have discovered on WhatsApp's messaging platform, with security firm Checkpoint uncovering a loophole past year that allowed hackers to completely take over users' accounts and access conversations, contact lists, photos, videos and other shared media.

Have you ever been bombarded with hundreds of notifications from a WhatsApp group, and chose not to read any simply because there were tons of messages and a lot of them did not seem to matter to you? They will have to use the "Message Admin" button to post a message or share media to the group. In Signal's case, the same group chat attack in WhatsApp is also found in the app. If the admin is keeping an eye on things, then he/she would know that a foreign party has entered the group and warn members about it. Despite the sheer number of members in a group, someone is bound to notice an unexpected "guest" in their group. Tapping on the button sends a request to the person you're calling, and asks whether or not they'd like to switch from voice to video.

WhatsApp recently started testing another new group chat feature called Restricted Groups, which lets you force everyone else in your group to stop chatting.

Comments