/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow Us/ciol/media/post_banners/wp-content/uploads/2016/11/photo-1.jpg)
Security researchers have revealed a vulnerability in WhatsApp that it possible to infiltrate private group chats without admin permission.
According to a report in Wired, the researchers say that anyone who controls WhatsApp's servers can add people into private group chats, without getting the admin's permission. The new member would be able to read all messages going forward, breaking the confidentiality of the group and negating end-to-end encryption.
The encryption flaws, which were detailed at the Real World Crypto security conference in Zurich, Switzerland, by a group of researchers from Ruhr University Bochum in Germany, apparently also affect the Signal and Threema messaging apps — though to a lesser degree.
Those who use WhatsApp will know that a notification is sent when a new member joins a group - killing any chance of quietly watching conversations without anyone noticing. But the researchers said it would be possible to get the server to jumble up the way in which messages are sent, so that members would not receive this notification or be aware of the newcomer. The researchers also suggest that an attacker with access to WhatsApp servers could selectively block any messages in the group — closing down the ability of group participants to ask questions, or provide warnings about the interloper.
Facebook’s Chief Security Officer Alex Stamos, responding to the report on Twitter, said, “Read the Wired article today about WhatsApp – scary headline! But there is no
Stamos further pointed out in his tweets that everyone in the group would see a message that a new member has joined, so this wouldn't be a stealthy strategy for government spying. He added that the report has been looked at carefully, and while there may be a way to add more protections, it's not clear cut. "In sum, the clear notifications and multiple ways of checking who is in your group prevent silent eavesdropping," he wrote. "The content of messages sent in WhatsApp groups remain protected by end-to-end encryption."