WhatsApp Group Chats Can Easily Be Infiltrated
Back in early 2016, WhatsApp introduced end-to-end encryption for WhatsApp chats. However, a new report claims that group chats in WhatsApp can be easily infiltrated. A group of German cryptographers has discovered flaws in WhatsApp’s encryption that make this possible.
The cryptographers from Ruhr University Bochum in Germany announced this at the “Real World Crypto Security Conference” in Zurich, Switzerland on the 10th of January. The report from Wired says:
Anyone who controls the app’s servers could insert new people into private group chats without needing admin permission. The confidentiality of the group is compromised as soon as the uninvited member can obtain all the new messages and read them.
End-to-end encryption is a secure method of communication where only the people communicating can access messages sent. Cyber-criminals and hackers, telecoms and Internet providers or governments cannot read these communications. Even the company that built and runs the service cannot access messages, and hence cannot easily cooperate with authorities who request these exchanges.
According to the researchers, only an administrator of a WhatsApp group can invite new members, but WhatsApp doesn’t use any authentication mechanism for that invitation that its own servers can’t spoof. This basically means that a server can add any new member to the group without any interaction with the administrator.
Once this happens, the phone of every participant in the group then automatically shares secret keys with that new member, giving him or her full access to any future messages.
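The difference between a client that trusts the server's word about a new member and one that requires proof from the administrator can be shown in a small model. This is an added example, not WhatsApp's code or protocol: the Client class, the message fields and the key are hypothetical, and an HMAC under a key the server never holds stands in for an administrator's digital signature.

```python
import hashlib
import hmac
import json

def tag(key: bytes, change: dict) -> str:
    """MAC over a canonical encoding of a membership change."""
    body = json.dumps(change, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class Client:
    """One member's device in a simplified model (assumed, not WhatsApp's protocol)."""

    def __init__(self, group: str, admin_key: bytes, verify: bool):
        self.group = group
        self.admin_key = admin_key  # held by members' devices, never by the server
        self.verify = verify        # False: trust whatever the server relays
        self.last_seq = 0           # highest accepted change number (anti-replay)
        self.roster = set()

    def on_add(self, msg: dict) -> bool:
        """Return True if this device would now share group keys with the new member."""
        change = msg["change"]
        if self.verify:
            expected = tag(self.admin_key, change)
            if not hmac.compare_digest(expected, str(msg.get("tag", ""))):
                return False        # not authorised by the admin
            if change["group"] != self.group or change["seq"] <= self.last_seq:
                return False        # wrong group, or a replayed old change
            self.last_seq = change["seq"]
        self.roster.add(change["new_member"])
        return True

def demo() -> dict:
    key = b"constructed-demo-key"   # constructed sample value
    genuine = {"group": "g1", "seq": 1, "new_member": "carol"}
    signed = {"change": genuine, "tag": tag(key, genuine)}
    # Constructed server-originated add: no admin involvement, so no valid tag.
    unsigned = {"change": {"group": "g1", "seq": 2, "new_member": "uninvited"}}
    trusting = Client("g1", key, verify=False)
    checking = Client("g1", key, verify=True)
    return {
        "trusting_unsigned": trusting.on_add(unsigned),
        "checking_unsigned": checking.on_add(unsigned),
        "checking_genuine": checking.on_add(signed),
        "checking_replay": checking.on_add(signed),
    }

if __name__ == "__main__":
    print(demo())
```

Because the tag here is a shared-key MAC, any member could produce it; a real design would use the administrator's own signing key so that only the administrator can authorise a change.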
A WhatsApp spokesperson confirmed the findings but added that “no one can secretly add a new member to a group and a notification does go through that a new, unknown member has joined the group.”
WhatsApp is now expected to give more power to group administrators in the aftermath of these findings. In the coming days, administrators will be able to block any or all group members from sending any kind of text message, voice message or media files.