The vulnerability was outed by a bunch of cryptographers from Ruhr University Bochum in Germany, who announced their findings at the 'Real World Crypto Security Conference', a thing that apparently actually exists, in Zurich on Wednesday.
As reported by Wired, the German cryptographers claim that a "simple bug" in WhatsApp makes infiltrating group chats relatively easy - despite the chat app having rolled out end-to-end encryption to its one-billion-plus users.
The researchers' findings show that anyone who controls WhatsApp's servers could effortlessly insert new people into an otherwise private group, even without the permission of the so-called administrator who controls access to that conversation.
"The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them," says Paul Rösler, one of the Ruhr University researchers who co-authored a paper on the group messaging vulnerabilities.
"If I hear there's end-to-end encryption for both groups and two-party communications, that means adding of new members should be protected against. And if not, the value of encryption is very little."
The researchers go on to explain that while only an admin of a WhatsApp group can invite new members, the messaging app does not have a mechanism to authenticate that invitation. This means its servers can spoof the invitation, allowing a new member to be added to a group with no interaction on the part of the administrator.
The smartphones of every member of the group then automatically share secret keys with the new member, giving them full access to any future messages.
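The missing check described above, as an added example that is not WhatsApp's code or the researchers': a member's client that accepts any server-relayed "add" message, next to one that requires proof from the admin before sharing keys. The message fields, the `Member` class and the HMAC under a pairwise key already shared with the admin (standing in for a signature) are assumptions made for illustration.

```python
import hashlib
import hmac
import json

def encode_change(group_id, admin, new_member, epoch):
    """Canonical bytes of a membership change, so both sides MAC the same input."""
    change = {"group": group_id, "admin": admin, "add": new_member, "epoch": epoch}
    return json.dumps(change, sort_keys=True).encode()

def admin_tag(pairwise_key, group_id, admin, new_member, epoch):
    """Admin side: authenticate the change under the key shared with one member."""
    data = encode_change(group_id, admin, new_member, epoch)
    return hmac.new(pairwise_key, data, hashlib.sha256).digest()

class Member:
    """One group member's client (hypothetical model, not a real client API)."""
    def __init__(self, group_id, admins, members, verify):
        self.group_id = group_id
        self.admins = admins          # admin name -> pairwise key shared with this member
        self.members = set(members)
        self.epoch = 0                # last accepted change number, rejects replays
        self.verify = verify          # False models the unauthenticated behaviour

    def on_add(self, msg):
        """Handle an 'add member' message relayed by the server.
        Returns True if the newcomer is accepted and would receive group keys."""
        if self.verify:
            key = self.admins.get(msg.get("admin"))
            if key is None or msg.get("epoch", 0) <= self.epoch:
                return False          # not from a known admin, or a replayed change
            expected = admin_tag(key, self.group_id, msg["admin"], msg["add"], msg["epoch"])
            if not hmac.compare_digest(expected, msg.get("tag", b"")):
                return False          # server-made message carries no valid proof
            self.epoch = msg["epoch"]
        self.members.add(msg["add"])
        return True

def demo():
    key = b"constructed-pairwise-key-alice-bob"              # constructed sample key
    forged = {"admin": "alice", "add": "mallory", "epoch": 1}  # constructed, no tag
    genuine = {"admin": "alice", "add": "carol", "epoch": 1,
               "tag": admin_tag(key, "g1", "alice", "carol", 1)}
    naive = Member("g1", {"alice": key}, {"alice", "bob"}, verify=False)
    strict = Member("g1", {"alice": key}, {"alice", "bob"}, verify=True)
    # naive accepts the forgery; strict rejects it, accepts the genuine add once,
    # then rejects the same message when it is replayed
    return (naive.on_add(forged), strict.on_add(forged),
            strict.on_add(genuine), strict.on_add(genuine))

if __name__ == "__main__":
    print(demo())
```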
In a statement given to Wired, a WhatsApp spokesperson confirmed the researchers' findings but claimed that no one can secretly add a new member to a group, because a notification goes out that a new, unknown member has joined.
"We've looked at this issue carefully," the spokesperson said. "Existing members are notified when new people are added to a WhatsApp group. We built WhatsApp so group messages cannot be sent to a hidden user. The privacy and security of our users is incredibly important to WhatsApp. It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted."
The WhatsApp mouthpiece noted that preventing the Ruhr University researchers' attack would likely break a popular WhatsApp feature known as a "group invite link" that allows anyone to join a group simply by clicking on a URL.