Tech

Researchers claim WhatsApp group chats vulnerable, company denies

Researchers claim WhatsApp group chats vulnerable, company denies”

And according to new research from one team of German cryptographers, flaws in WhatsApp make infiltrating the app's group chats much easier than ought to be possible.

In short, anyone who has control of a WhatsApp server could effortlessly insert new people into a private group.

The researchers detailed the findings at the Real World Crypto security conference in Zurich on Wednesday, according to Wired.

WhatsApp does notify members of a group chat when a new user joins, so they may realize that something suspicious is going on, but they may also assume that the new person was invited by the group administrator. This does not need require permission from the group's admin and the new person added to the group can read the group chats easily.

He said that there are multiple ways to verify group chat members, adding that users are notified of anyone new joining, including those without permission.

Researchers from the Ruhr University Bochum analyzed flaws in three encryption chat apps: WhatsApp, Signal and Threema.

"He can cache all the message and then decide which get sent to whom and which not", Rosler said.

More news: New York City sues five oil companies over climate change
More news: CBS appoints John Dickerson as Rose's replacement
More news: How to Watch Manchester United vs. Derby County

WhatsApp is also testing a feature where it will likely give group administrators more powers where they will be able to restrict all other members from sending text messages, photographs, videos, GIFs, documents or voice messages in case the admin thinks so.

However, Facebook's Chief Security Officer Alex Stamos downplayed the security risks on Twitter, noting that there "isn't a secret way" into WhatsApp group chats.

Responding to the report, WhatsApp said, "We've looked at this issue carefully".

Facebook owned WhatsApp has been rolling out new features at regular intervals - first through beta channel and then through stable channel to all the users.

For Threema, the researchers found even smaller bugs: An attacker who controls the server can replay messages or add users back into a group who have been removed. Clients of a group retrieve membership from the server, and clients encrypt all messages they send e2e to all group members.

We completed the implementation of end-to-end encryption in 2016 for all messaging and calling on WhatsApp so that no one, not even us, has access to the content of your conversations.

This means that an attacker can add someone to a conversation and read all future messages sent in the chat (past messages are still hidden). "This means the privacy of your end-to-end encrypted group chat is only guaranteed if you actually trust the WhatsApp server".



Like this

Latest


14 January 2018
Inside the spectacle of Jon Gruden's first day back with the Raiders
But Gruden said his broadcast career allowed him to see how and where other team's practice and how schemes are evolving. How Derek Carr responds could shape the Raiders for years to come as they prepare to arrive in Las Vegas in 2020.

13 January 2018
YouTube finally responds to the Logan Paul controversy
Paul, 22, was criticised by viewers last week after uploading a video featuring a dead body in Japan's suicide forest, Aokigahara. Paul announced earlier that he was stepping away from posting videos following the outcry over his "suicide forest" video .

12 January 2018
Google acquired speaker tech startup past year
This also opens up the possibility of placing even more components in future devices, like larger battery. Google quietly acquired a United Kingdom tech startup without anyone noticing - until now that is.

11 January 2018
Browns swipe Eliot Wolf from Packers front office
However, there was a sense that he would depart from the organization after not getting the general manager position. Wolf is the second Packers executive Dorsey has hired since he became the general manager of the Browns last month.

10 January 2018
Sumpter Twp. couple wanted for murder of girl, 4, arrested in Georgia
Police said the woman claimed she owned weapons that had been confiscated, including one that had the serial number filed off it. Investigators said they believe the couple is driving in a black, 2002 Chevrolet Cavalier with MI license plate DTR1854.

09 January 2018
Watch Jennifer Lawrence in the Red Sparrow trailer
That brief description as it happens could also easily apply to Hunger Games , the franchise that made Lawrence a star. Despite drawing instant comparisons to Black Widow and last year's Atomic Blonde , Red Sparrow is its own demon.

08 January 2018
Why has the 'Fire and Fury' book angered Trump so much?
Breitbart News has publicly marched to war against Kushner, coining him the figurehead of the "globalist" wing of the White House. Fire and Fury is reportedly based on more than 200 interviews and fly-on-the-wall access to the White House.

08 January 2018
Agitated Trump Aide Stephen Miller Thrown Off Live TV Interview
Trump is a "a self-made billionaire who revolutionized reality TV", Miller said twice. "To accuse someone of treason is so out of line".

06 January 2018
Dry weather Friday and Saturday, precipitation in Sunday's forecast
Another round of arctic air is set to move into Southside Virginia by Thursday , bringing gusty winds and more bitter cold. Tuesday , it will be mostly sunny with a high near 47, the weather service said.

06 January 2018
Trump threatens to cut USA aid to Palestinians
Some Israeli officials welcomed Trump's aid cut plan, saying it put due pressure on the Palestinians. Trump recently took Israel's side by formally declaring Jerusalem their capital .



Recommended