German Cryptographers, in their research, have found out that WhatsApp group chats are hackable citing that any new member can read the group chats. WhatsApp, however, has turned down the claim. A report from Wired says that a group of researchers from the Ruhr University Bochum in Germany discovered a major flaw in WhatsApp group chat mechanism.
Paul Rösler, Christian Mainka, and Jörg Schwenk analyzed the three widely used protocols and their implementations, and found that if someone - e.g., nation-state backed hackers (illegally), or law enforcement or intelligence agencies (legally) - gains control of WhatsApp's servers, they could easily insert a new member in a private group without the permission of the group's administrator (s).
'The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them.
"The described weaknesses enable attacker A, who controls the WhatsApp server or can break the transport layer security, to take full control over a group. This means the privacy of your end-to-end encrypted group chat is only guaranteed if you actually trust the WhatsApp server". "He can cache all the message and then decide which get sent to whom and which not", Mr Rosler said. In a statement to Wired, WhatsApp said it had looked into the problem.More news: H-1B Visa Rules: Latest Development Seen 'Positive' For Indian IT
A WhatsApp spokesperson confirmed the findings to Wired, however adding that "no one can secretly add a new member to a group and a notification does go through that a new, unknown member has joined the group".
'We built WhatsApp so group messages can not be sent to a hidden user. The fear for some people is that this security flaw will result in WhatsApp being coerced by government agencies into allowing the flaw to be exploited to eavesdrop on conversations.
This is a big problem, because WhatsApp prides itself on end-to-end encryption for its messages.
According to the report, the attack on WhatsApp group chats takes advantage of a bug.More news: Microsoft's Spectre and Meltdown update is breaking AMD PCs
Firstly, control of WhatsApp servers tends to be only possible by Facebook (which owns WhatsApp), and governments who can demand access to the servers. If they add themselves to the group: 1. "There is no way to suppress this message", he wrote.
Given the alternatives, I think that's a pretty reasonable design decision, and I think this headline pretty substantially mischaracterizes the situation.
WhatsApp noted that group members could view the other members of the group by tapping on "group info", though the security flaw would mean that encryption would not protect WhatsApp users who have not checked this and are therefore unaware that their group has been infiltrated.
The goal of having an end-to-end encryption is to stop trusting the intermediate servers in such a way that even the company or the server that transmits the data can decrypt the messages or abuse the centralized position.More news: Dark Souls Remastered Confirmed For Nintendo Switch
- Post University Online Program Ranked High
- Winter flu outbreak hits Hong Kong, with ten reported deaths
- No Warrantless Surveillance 'Nonsense' in FISA Reauthorization Bill, Bipartisan Lawmakers Vow
- Kawhi benched in Portland with partial shoulder tear
- Keith Urban, Nicole Kidman Turn 2018 Golden Globes Into Date Night
- Shilpa Shinde's Emotional Breakdown At The Press Conference
- CES 2018: Project Linda Turns Razer Phone Into A Laptop
- Nintendo Direct reveals Dark Souls is coming to Switch
- Kia Niro EV Concept Plugs Into CES
- Seth Meyers Slams Weinstein and Spacey ... To Open Globes 2018