WhatsApp Group Chats Can Be Easily Hacked, Even With End-to-End Encryption

WhatsApp is an instant messaging platform which is preferred by millions of users across the globe, thanks to the clean user interface. German Cryptographers, in their research, have found out that WhatsApp group chats are hackable citing that any new member can read the group chats. A report from Wired says that a group of researchers from the Ruhr University Bochum in Germany discovered a major flaw in WhatsApp group chat mechanism.

whatsapp-group-chat-bug

As per the report, any hacker can gain access to a group chat on WhatsApp, despite end-to-end encryption. According to the German researchers, the power of any WhatsApp group lies in WhatsApp servers and not the group admin. So they highlighted that any person who controls the app’ servers could get the access the WhatsApp group chat.

“Anyone who controls the app’s servers could insert new people into private group chats without needing admin permission,” the report said. So the group admins can add any member to a group without requiring the permission of the admin. “The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them,” Paul Rosler, one of the Ruhr University researchers quoted.

Here’s how the researchers explained the bug on WhatsApp. Only the administrator of a WhatsApp group can invite new members, but WhatsApp doesn’t use any authentication mechanism for that invitation that its own servers can’t spoof. This allows the server controller to add a new group person without the group admin’s knowledge.

“The phone of every participant in the group then automatically shares secret keys with that new member, giving him or her full access to any future messages,” the report added.

The researchers also spoke about the end-to-end encryption which was introduced by WhatsApp a couple of years ago. “If I hear there’s end-to-end encryption for both groups and two-party communications, that means adding of new members should be protected against. And if not, the value of encryption is very little,” further added Paul Rosler.

A WhatsApp spokesperson said to the Wired that “no one can secretly add a new member to a group and a notification does go through that a new, unknown member has joined the group”.

WhatsApp is yet to respond to this report.

Reported By

Leave a Reply

8 Comments on "WhatsApp Group Chats Can Be Easily Hacked, Even With End-to-End Encryption"

 

Sort by:   newest | oldest
Girish Gowda
January 11, 2018 6:06 pm 6:06 PM

Anyone who believes in this end-to-end encryption bs deserves to be ripped off.

Prithvi
January 11, 2018 6:03 pm 6:03 PM

There you go .. use Signal app instead.

MNDLKV
January 11, 2018 5:45 pm 5:45 PM

If someone with access to whatsapp servers can add users to chat group which would nullify the purpose of end-to-end encrypted communication.

Also, anyone having “access to Facebook servers” can change your fb name

wpDiscuz