WhatsApp Group Chats Can Be Easily Hacked, Even With End-to-End Encryption

By January 11th, 2018 AT 4:10 PM

WhatsApp is an instant messaging platform which is preferred by millions of users across the globe, thanks to the clean user interface. German Cryptographers, in their research, have found out that WhatsApp group chats are hackable citing that any new member can read the group chats. A report from Wired says that a group of researchers from the Ruhr University Bochum in Germany discovered a major flaw in WhatsApp group chat mechanism.

whatsapp-group-chat-bug

As per the report, any hacker can gain access to a group chat on WhatsApp, despite end-to-end encryption. According to the German researchers, the power of any WhatsApp group lies in WhatsApp servers and not the group admin. So they highlighted that any person who controls the app’ servers could get the access the WhatsApp group chat.

“Anyone who controls the app’s servers could insert new people into private group chats without needing admin permission,” the report said. So the group admins can add any member to a group without requiring the permission of the admin. “The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them,” Paul Rosler, one of the Ruhr University researchers quoted.

Here’s how the researchers explained the bug on WhatsApp. Only the administrator of a WhatsApp group can invite new members, but WhatsApp doesn’t use any authentication mechanism for that invitation that its own servers can’t spoof. This allows the server controller to add a new group person without the group admin’s knowledge.

“The phone of every participant in the group then automatically shares secret keys with that new member, giving him or her full access to any future messages,” the report added.

The researchers also spoke about the end-to-end encryption which was introduced by WhatsApp a couple of years ago. “If I hear there’s end-to-end encryption for both groups and two-party communications, that means adding of new members should be protected against. And if not, the value of encryption is very little,” further added Paul Rosler.

A WhatsApp spokesperson said to the Wired that “no one can secretly add a new member to a group and a notification does go through that a new, unknown member has joined the group”.

WhatsApp is yet to respond to this report.

Read more on:

8
Leave a Reply

avatar
Photo and Image Files
 
 
 
5 Comment threads
3 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
7 Comment authors
Girish GowdaAirtel UserPapa PerezPrithviMNDLKV Recent comment authors
newest oldest most voted
Girish Gowda
Girish Gowda

Anyone who believes in this end-to-end encryption bs deserves to be ripped off.

Prithvi
Prithvi

There you go .. use Signal app instead.

Recent Posts

JioPostpaid Plus to Offer Data Sharing Functionality, But is it Too Late?

Reliance Jio will be introducing a new service for postpaid users in the coming days called JioPostpaid Plus. As the...

Vodafone Idea Customers Can Now Dial a Mobile Number to Access Google Assistant

Google has considered India as a major market for its products and services. In line with that, the tech giant...

Bharti Airtel Has 5 Prepaid Plans Without Any Daily Data FUP Limit: Prices Start at Rs 97

Bharti Airtel has a wide range of prepaid plans under its belt and most of them ship with a daily...