
WhatsApp’s group chat security flaw can allow anyone to add themselves to your conversation

A research paper released by Paul Rösler, Christian Mainka, and Jörg Schwenk at Ruhr-Universität in Bochum has pointed out a flaw in WhatsApp’s group chat security which, theoretically, could allow anyone to add themselves to any group conversation and gain access to messages being transmitted to and fro by the members.

How does this flaw work?

To talk about the flaw, let’s first take a look at how group chats normally work in WhatsApp. A typical group chat is managed by one person who is identified as the administrator of the chat. That person manages the addition and removal of members, sets group policy, and can delete the group chat itself. Whenever a new member is to be added, the administrator first sends a request to the WhatsApp server with the ID of the new member to be added. The server authenticates the administrator, confirms that they have the proper authority to add/remove members from that group, and then sends a signal to all of the members which notifies them that a new member has been added to their mutual group.

This all sounds good, right? Well, it would be, except for one tiny detail. Remember the end-to-end encryption that WhatsApp uses for sending messages between users? It turns out that messages between the server and the administrator are not end-to-end encrypted. These messages use regular encryption and thus can be cracked and spoofed if someone takes control of a WhatsApp server. So what does someone have to do to get access to a private chat? Find some rogue WhatsApp employee who is willing to compromise the security of a server, or try to hack a WhatsApp server themselves.
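The trust gap described above, as an added toy model (not WhatsApp's protocol and not code from the research paper): one group member either applies whatever membership notice the server relays, or applies it only when it carries a tag made with a key shared end-to-end with the administrator. The message fields, function names, the pairwise key and the counter are all assumptions of this sketch.

```python
import hashlib
import hmac
import json

# Constructed sample key: shared end-to-end between the admin and one member.
# Assumption of this sketch: the server never learns it.
ADMIN_MEMBER_KEY = bytes(range(32))


def _encode(group, member, ctr):
    return json.dumps({"op": "add", "group": group, "member": member,
                       "ctr": ctr}, sort_keys=True)


def admin_add_notice(group, member, ctr, key):
    """Admin's 'add member' notice, tagged so the recipient can verify it."""
    body = _encode(group, member, ctr)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def server_originated_notice(group, member, ctr):
    """A notice made up by the server itself: it has no key, so no valid tag."""
    return {"body": _encode(group, member, ctr), "tag": "00" * 32}


class Member:
    def __init__(self, key, members):
        self.key, self.members, self.last_ctr = key, set(members), 0

    def accept_trusting_server(self, notice):
        """Model of the article's flow: whatever the server relays is applied."""
        self.members.add(json.loads(notice["body"])["member"])
        return True

    def accept_verified(self, notice):
        """Apply the change only if the admin's tag checks out and it is fresh."""
        want = hmac.new(self.key, notice["body"].encode(),
                        hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, notice.get("tag", "")):
            return False  # not produced by the admin
        msg = json.loads(notice["body"])
        if msg["ctr"] <= self.last_ctr:
            return False  # replay of an earlier, genuine notice
        self.last_ctr = msg["ctr"]
        self.members.add(msg["member"])
        return True
```

In this model the verifying member keeps its roster unchanged when the notice did not come from the administrator, while the server-trusting member's roster grows.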

Is this really anything for users to worry about?

Short answer – No. The probability of someone getting unauthorized access to a WhatsApp server is pretty low. The only problematic scenario is when a government agency or a third party might require access to a group chat and WhatsApp decides to provide that to them. But even in this case, the access is not anonymous. As soon as someone is granted access to a group chat, all the members are notified of the inclusion of a new member. So to keep yourself safe from the prying eyes of someone who shouldn’t be seeing your messages, keep an eye on who is added to the group. If it is someone you think should not be present in the group, it is probably time to jump ship.

A similar problem in the messaging app Signal is also described by Rösler, Mainka, and Schwenk in their research paper. It is expected that both these companies will soon fix this flaw. Until then, all you can do is to keep an eye on the members being added to your group chat for any suspicious activity.

Shaoor Munir
