Security researchers flag invite bug in WhatsApp group chats

A team of cryptographers from Germany's Ruhr University Bochum say they have uncovered flaws in WhatsApp's security that could limit the benefits of the messaging service's vaunted end-to-end encryption in group chats.

Reacting to the report, Facebook Chief Security Officer Alex Stamos tweeted: "Read the Wired article about WhatsApp - scary headline!"

"If I hear there's end-to-end encryption for both groups and two-party communications, that means adding of new members should be protected against." But there is no secret way into WhatsApp group chats.

Computer researchers have discovered a set of flaws in WhatsApp that could allow uninvited individuals into private group chats. As Wired puts it, this type of attack is probably limited to "sophisticated hackers who could compromise those servers, WhatsApp staffers, or governments who legally coerce WhatsApp to give them access".

With over 1.2 billion monthly active users, WhatsApp is available in more than 50 different languages around the world and in 10 Indian languages.

Stamos objected to the report, saying that WhatsApp has multiple ways to check and verify members in a group chat.

According to the research paper published by the German cryptographers, "the subsequently described protocol design weakness allows an attacker, controlling some of the messages sent by the WhatsApp server, to become a member of the group or add other users to the group without any interaction of the other users".

"We built WhatsApp so group messages cannot be sent to a hidden user." WhatsApp has also acknowledged this server security issue, but the spokesperson has pushed the idea that the attackers can cache, block or prevent the alert stating new members have been added. But the researchers have found that anyone having control of the server can break the authentication process that grants them the privilege needed to add new members to private groups. It would appear as if the new member had the admin's permission to join.
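What admin-authenticated membership changes look like from the receiving client's side, as an added example (not WhatsApp's protocol and not code from the researchers' paper). It assumes each member already shares a pairwise key with the admin; the message fields, names and sample key are hypothetical.

```python
import hashlib
import hmac
import json

def _encode(change: dict) -> bytes:
    # Canonical encoding so the admin and the verifier MAC identical bytes.
    return json.dumps(change, sort_keys=True, separators=(",", ":")).encode()

def admin_authorize(pairwise_key: bytes, change: dict) -> dict:
    """Admin side: tag a membership change for one recipient."""
    tag = hmac.new(pairwise_key, _encode(change), hashlib.sha256).hexdigest()
    return {"change": change, "tag": tag}

class GroupClient:
    """Recipient side: roster plus pairwise keys shared with each admin."""
    def __init__(self, group_id, admin_keys, members):
        self.group_id = group_id
        self.admin_keys = dict(admin_keys)        # admin id -> pairwise key
        self.members = set(members)
        self.last_seq = {a: 0 for a in admin_keys}

    def handle(self, msg: dict) -> bool:
        change = msg.get("change", {})
        admin = change.get("admin")
        key = self.admin_keys.get(admin)
        if key is None or change.get("group") != self.group_id:
            return False                          # not from a known admin of this group
        expected = hmac.new(key, _encode(change), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(msg.get("tag", ""))):
            return False                          # server-injected or altered change
        if change.get("seq", 0) <= self.last_seq[admin]:
            return False                          # replay of an older change
        self.last_seq[admin] = change["seq"]
        if change.get("op") == "add":
            self.members.add(change["member"])
        return True

def demo():
    key = b"constructed-pairwise-key-alice-bob"   # constructed sample key
    bob = GroupClient("g1", {"alice": key}, {"alice", "bob"})
    genuine = admin_authorize(key, {"group": "g1", "admin": "alice",
                                    "op": "add", "member": "carol", "seq": 1})
    # Constructed message a server could emit without knowing the key.
    injected = {"change": {"group": "g1", "admin": "alice", "op": "add",
                           "member": "mallory", "seq": 2}, "tag": "00" * 32}
    return (bob.handle(genuine), bob.handle(injected),
            bob.handle(genuine), sorted(bob.members))
```

Because the roster changes only after the tag verifies, a relay that does not hold the pairwise key cannot enlarge the group, whatever notification the client does or does not display.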

WhatsApp will display a message as it normally does when a new participant is added, but this too can be manipulated using several tricks.

The messaging giant added "end-to-end encryption" two years ago, which was thought to have made messaging more secure, as the messages were scrambled so that they could only be read by those who were meant to receive them.

The system relies on unique security keys "that are traded and verified between users to guarantee communications are secure and can not be intercepted by a middleman", the report said.

Stamos also admitted that incorporating changes that the researchers recommend "would necessitate a change to the way WhatsApp provides a popular feature called group invite links - which are used millions of times per day".

This will be possible without needing the group administrator's permission, according to the researchers.

