
WhatsApp’s group chat security flaw can allow anyone to add themselves to your conversation

A research paper released by Paul Rösler, Christian Mainka, and Jörg Schwenk at Ruhr-Universität in Bochum has pointed out a flaw in WhatsApp’s group chat security which, theoretically, could allow anyone to add themselves to any group conversation and gain access to messages being transmitted to and fro by the members.

How does this flaw work?

To talk about the flaw, let’s first take a look at how group chats normally work at WhatsApp. Typical group chats are managed by one person who is identified as the administrator of the chat. That person manages adding and removing members, setting group policy, and deleting the group chat itself. Whenever a new member is to be added, the administrator first sends a request to the WhatsApp server with the ID of the new member that it wants to add. The server authenticates the administrator, confirms that they have the proper authority to add/remove members from that group, and then sends a signal to all of the members which notifies them that a new member has been added to their mutual group.

This all sounds good, right? Well, it would be, except for one tiny detail. Remember the end-to-end encryption that WhatsApp uses for sending messages between users? It turns out that messages between the server and the administrator are not end-to-end encrypted. These messages use regular encryption and thus can be cracked and spoofed if someone takes control of a WhatsApp server. So what does anyone have to do to get access to a private chat? Find some rogue WhatsApp employee who is willing to compromise the security of a server, or try to hack a WhatsApp server themselves.
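The difference between trusting the server’s notice and checking that it really comes from the administrator can be shown in a toy model. This is an added example, not code from the research paper or from WhatsApp. The class, message fields and key are constructed, and the HMAC under a key shared by administrator and members is an assumption standing in for an administrator signature.

```python
import hashlib
import hmac

# Constructed demo key: known to the administrator and members, never to the server.
ADMIN_KEY = b"constructed-demo-key-not-known-to-server"

def sign_add(key: bytes, group: str, new_member: str, counter: int) -> bytes:
    """Administrator side: authenticate one membership change end to end."""
    # Toy encoding; assumes '|' never appears in group or member names.
    msg = f"add|{group}|{new_member}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class Member:
    """A group member's client reacting to 'X was added' notices from the server."""

    def __init__(self, group: str, roster, verify: bool):
        self.group, self.roster, self.verify = group, set(roster), verify
        self.last_counter = 0  # highest administrator counter accepted so far

    def on_server_notice(self, notice: dict) -> bool:
        if self.verify:
            ctr = notice.get("counter", 0)
            tag = notice.get("tag", b"")
            expected = sign_add(ADMIN_KEY, self.group, notice["new_member"], ctr)
            # Reject notices the administrator did not authenticate, and replays.
            if ctr <= self.last_counter or not hmac.compare_digest(tag, expected):
                return False
            self.last_counter = ctr
        # Without verification the server's word alone changes the roster.
        self.roster.add(notice["new_member"])
        return True

def demo() -> dict:
    """Feed a legitimate add and a server-originated add to both kinds of client."""
    legit = {"new_member": "carol", "counter": 1,
             "tag": sign_add(ADMIN_KEY, "g1", "carol", 1)}
    forged = {"new_member": "mallory"}  # constructed: no administrator tag
    out = {}
    for verify in (False, True):
        m = Member("g1", {"alice", "bob"}, verify)
        out[verify] = (m.on_server_notice(legit),
                       m.on_server_notice(forged),
                       sorted(m.roster))
    return out

if __name__ == "__main__":
    for mode, result in demo().items():
        print("verify" if mode else "trust server", result)
```
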

Is this really anything for users to worry about?

Short answer – No. The probability of someone getting unauthorized access to a WhatsApp server is pretty low. The only problematic scenario is when a government agency or a third party might require access to a group chat and WhatsApp decides to provide that to them. But even in this case, the access is not anonymous. As soon as someone is granted access to a group chat, all the members are notified of the inclusion of a new member. So to keep yourself safe from the prying eyes of someone who shouldn’t be seeing your messages, keep an eye on who is added to the group. If it is someone you think should not be present in the group, it is probably time to jump ship.

A similar problem in the messaging app Signal is also described by Rösler, Mainka, and Schwenk in their research paper. It is expected that both these companies will soon fix this flaw. Until then, all you can do is to keep an eye on the members being added to your group chat for any suspicious activity.

Shaoor Munir

I am passionate about technology, hardware and the future of both of them together. Email: shaoor@techjuice.pk
