WhatsApp’s group chat security flaw can allow anyone to add themselves to your conversation

A research paper released by Paul Rösler, Christian Mainka, and Jörg Schwenk at Ruhr-Universität in Bochum has pointed out a flaw in WhatsApp’s group chat security which, theoretically, could allow anyone to add themselves to any group conversation and gain access to messages being transmitted to and fro by the members.

How does this flaw work?

To understand the flaw, let’s first look at how group chats normally work in WhatsApp. A typical group chat is managed by one person, who is identified as the administrator of the chat. That person manages the addition and removal of members, sets group policy and can delete the group chat itself. Whenever a new member is to be added, the administrator first sends a request to the WhatsApp server with the ID of the new member they want to add. The server authenticates the administrator, confirms that they have the proper authority to add/remove members from that group, and then sends a signal to all of the members which notifies them that a new member has been added to their mutual group.

This all sounds good, right? Well, it would be, except for one tiny detail. Remember the end-to-end encryption that WhatsApp uses for sending messages between users? It turns out that messages between the server and the administrator are not end-to-end encrypted. These messages use regular encryption and thus can be cracked and spoofed if someone takes control of a WhatsApp server. So what does anyone have to do to get access to a private chat? Find some rogue WhatsApp employee who is willing to compromise the security of a server, or try to hack a WhatsApp server themselves.
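
A simplified model of the flow described above, added here as an illustration and not WhatsApp's code or protocol: one client accepts any "member added" signal the server delivers, the other also requires a proof from the administrator that the server cannot produce. The class, function and member names, and the HMAC proof keyed with an assumed administrator-to-member secret, are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

# Toy model, constructed for illustration; not WhatsApp's protocol or API.

def admin_proof(key: bytes, group: str, new_member: str) -> bytes:
    """MAC over a membership change, keyed with a secret only admin and member hold."""
    return hmac.new(key, f"add|{group}|{new_member}".encode(), hashlib.sha256).digest()

class MemberClient:
    def __init__(self, name: str, admin_key: bytes, require_proof: bool):
        self.name = name
        self.admin_key = admin_key        # assumed end-to-end secret; the server never sees it
        self.require_proof = require_proof
        self.roster = set()
        self.notices = []                 # what the chat would display to the user

    def on_member_added(self, group: str, new_member: str, proof: bytes = None) -> bool:
        """Handle a 'member added' signal delivered by the server."""
        if self.require_proof:
            expected = admin_proof(self.admin_key, group, new_member)
            if proof is None or not hmac.compare_digest(proof, expected):
                self.notices.append(f"rejected unauthenticated add of {new_member}")
                return False
        self.roster.add(new_member)
        self.notices.append(f"{new_member} was added")
        return True

def simulate(require_proof: bool) -> dict:
    keys = {name: os.urandom(32) for name in ("bob", "carol")}
    clients = {n: MemberClient(n, k, require_proof) for n, k in keys.items()}
    for c in clients.values():
        # Add requested by the administrator: the server relays the admin's proof.
        c.on_member_added("family", "dave", admin_proof(keys[c.name], "family", "dave"))
        # Add originating at the server itself: no administrator proof exists.
        c.on_member_added("family", "uninvited", None)
    return clients

if __name__ == "__main__":
    for mode in (False, True):
        for c in simulate(mode).values():
            print(mode, c.name, sorted(c.roster), c.notices)
```

In the trusting mode the server-originated add still produces a visible notice, and that notice is the only signal group members have to go on.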

Is this really anything for users to worry about?

Short answer – No. The probability of someone getting unauthorized access to a WhatsApp server is pretty low. The only problematic scenario is when a government agency or a third party might require access to a group chat and WhatsApp decides to provide that to them. But even in this case, the access is not anonymous. As soon as someone is granted access to a group chat, all the members are notified of the inclusion of the new member. So to keep yourself safe from the prying eyes of someone who shouldn’t be seeing your messages, keep an eye on who is added to the group. If it is someone you think should not be present in the group, it is probably time to jump ship.

A similar problem in the messaging app Signal is also described by Rösler, Mainka, and Schwenk in their research paper. It is expected that both these companies will soon fix this flaw. Until then, all you can do is to keep an eye on the members being added to your group chat for any suspicious activity.

Shaoor Munir

I am passionate about technology, hardware and the future of both of them together. Email: shaoor@techjuice.pk
