Home » Tech

WhatsApp Flaw Compromises Security Of Encrypted Group Chats

14 January, 2018, 00:12 | Author: Lloyd Doyle
  • Creepy hackers could secretly eavesdrop on your private WhatsApp group chats, experts claim

Essentially, anyone who controls WhatsApp's servers could easily add new unidentified people into WhatsApp groups without the permission of the group administrator despite the administrator having full access to adding and removing members.

A flaw in popular encrypted chat programs WhatsApp, Threema and Signal theoretically allows nearly anyone to control important servers, bypass encryption and add themselves to group chats.

After German cryptographers reported flaws that makes it possible to infiltrate WhatsApp's private group chats without admin permission, the Facebook-owned messaging platform said on Thursday its end-to-end encryption is impeccable and its over one billion users are at no data breach risk.

As you know, only the administrator of a WhatsApp group can add/remove members. The impostor could also block messages, like questions or requests.

WhatsApp representative said that if this would happen and someone would add new people to group chat, members would be warned about it. Entering the group, however, leaves traces, since this operation is listed in the graphical user interface. "He can cache all the message and then decide which get sent to whom and which not", Mr. Roster added.

"Additionally the WhatsApp server can forward these messages to the members individually such that a subtly chosen combination of messages can help it to cover the traces". This is claimed to indicate that your name has been mentioned four times in that specific WhatsApp group.

In a statement to Wired, WhatsApp said it had looked into the problem.

This means that an attacker can add someone to a conversation and read all future messages sent in the chat (past messages are still hidden). WhatsApp is also testing a new "Quick Switch" feature to let users shift from voice call to video. "And if not, the value of encryption is very little".

The best way for Sun readers to stay safe from this exploit is to always be mindful of who else is in your WhatsApp group. This is where researchers are paid to report hack able flaws in the company's software.

Researchers Paul Rosler, Christian Mainka, and Jorg Schwenk from Ruhr University Bochum in Germany analyzed instant messaging apps and their end-to-end security. That person manages the addition and removal of members, setting group policy and deleting the group chats itself.

For Threema, the researchers found even smaller bugs: An attacker who controls the server can replay messages or add users back into a group who have been removed.

Once the unidentified person has been injected into the group, the other members would receive a message informing them that a new member has been added, seemingly at the behest of the group admin. We say so as it is common for us to mute large groups that will result in skipping important conversations and messages.



NFL Announces 2018 London Schedule
The NFL has scheduled arguably its most impressive slate of London games yet in an announcement at Tottenham's new stadium. The league is now more than a decade into playing regular-season games in London after kicking off the series in 2007.

Weekend weather: More snow and rain followed by sun
Rain will start in the Sacramento area around 5 a.m. and continue throughout the day, with temperatures staying in the mid 50's. Below, we take a closer look at what to expect over the next several days as Winter Storm Hunter tracks across the country.

Senate Democrats Obtain Enough Support to Force Net Neutrality Vote
Those on the side of net neutrality argue that instead of restoring "internet freedom", these rules expose consumers. Senate Democrats who are trying to force a vote on reinstating net neutrality rules have hit a key milestone.

Tiger Woods approves of Raiders' hire of Jon Gruden
Wolf has already been linked to Cleveland, but may be intrigued by returning to Oakland and helping the McKenzie and Gruden team. That ended up being Gruden's past year coaching, before serving almost a decade as ESPN's " Monday Night Football " analyst.

NFL, NFLPA to investigate Panthers' concussion evaluation of Cam Newton
He led a touchdown march that got Carolina within one score, but their next and final possession ended with a turnover on downs. He was taken to the sideline medical tent for evaluation for a concussion and cleared after missing only one play.

Princess Charlotte starts nursery - see sweet portraits taken by mum Kate
And, according to the Kensington Palace Instagram account, it was the Duchess of Cambridge who captured this memorable moment. Looks like the toddler princess enjoys horses as much as her great grandmother, Queen Elizabeth II .

Urgent appeal for blood donors in Corby
Power Red donors give a concentrated dose of red blood cells during a single donation, allowing them to maximize their impact. Many donors have planned to take part in the day's collection with an appointment, but walk-ins also will be taken on Monday.

GoPro Kills Its Karma Drone, Lays Off 250
Woodman told CNBC that he would consider a sale or partnership with another company, though no names were mentioned. Chief executive officer Nicholas Woodman will reduce his 2018 cash compensation to $1.

Fire reported on Trump Tower roof in NYC
The Fire Department of NY said it was called there at around 7am (noon GMT) after the blaze was reported on the top floor. The fire was believed under control and no injuries were reported, NBC News reported on Twitter.

MI stores in new round of Sears & Kmart closings
The move means Kmart will have three Louisiana stores: 7000 Veterans Blvd. and 2940 Veterans Blvd.in Metairie and in Lake Charles. Sears never relocated to the thriving Christiana Mall area, although it later opened a store to the north in Concord Mall.