German cryptographers have devised some way to penetrate the WhatsApp’s group conversation even though they are end-to-end encrypted.
The interpreters informed that they have found flaws within the WhatsApp’s security at the conference held in Switzerland on the Real World Crypto Security as per the reports of Wired. Any individual who has access to WhatsApp’s server and controls it could put new people inside the private group conversations without the permit or approval of that group’s admin.
Once the new individual is inside the private group chat, the phone of each group member would share secret keys with the new inserted person, hence giving them complete access to all the future messages and conversations, however, no access would be granted for the previous chats on that group. The whole thing would appear as if the new member has entered the group with admin’s consent and permission.
Paul Rosler—one of the researchers told Wired that the moment a new member is included in a private group the secrecy of the group is compromised as the uninvited member would be able to get all the new messages and would have complete access to every activity that happens on the group.
The researchers in conclusion of their findings in their paper have suggested to all those users who wish for absolute privacy to stick on to Signal or individual private messaging.
WhatsApp—owned by the Facebook appears to have a huge security issue. Question to ponder is whether accessing the WhatsApp servers be that easy. The WhatsApp servers are being controlled by the staff members, government officials who legally demand access and high-level hackers.
Alex Stamos—Facebook’s Chief Security Officer responded on Twitter and said that he has read the Wired article about WhatsApp. He called the title really frightening and assured that there is no secret way for anyone to enter the WhatsApp group chats.
Stamos urged that the report is objectionable and said that there are many ways to verify the members of a group. He maintained that since every member could see the entry and exit of a group member as a notification message is sent so if there would be any unwanted intruder added in the group the group members would immediately be notified. He further added that it is good to ask what would the new WhatsApp without this error look like.
As per Stamos, redesigning the app would kill its simplicity—meaning it would lessen the easiness with which it is currently used.
A security researcher—Moxie Marlinspike also the developer of Signal—having protocols licensed to WhatsApp said that the present WhatsApp design is pretty good and the report by Wired only imparts this message to others to not include security options in their products as that would make their products a target for researchers, even if the product makers choose the right options and take right decisions.
I am a writer/editor at Research Snipers RS-NEWS and it’s been 2 years working with the company. My specialties are technology and business.