WhatsApp Group chats can easily be infiltrated: Researchers
San Francisco: A team of German cryptographers has discovered flaws in WhatsApp's Group chats despite its end-to-end encryption, that makes it possible to infiltrate private group chats without admin permission.
According to a report in Wired.com, the cryptographers from Ruhr University Bochum in Germany announced this at the "Real World Crypto Security Conference in Zurich, Switzerland, on Wednesday.
"Anyone who controls the app's servers could insert new people into private group chats without needing admin permission," the report said, citing cryptographers.
"The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them," Paul Rosler, one of the Ruhr University researchers, was quoted as saying.
The WhatsApp attack on group chats takes advantage of a bug.
"Only an administrator of a WhatsApp group can invite new members, but WhatsApp doesn't use any authentication mechanism for that invitation that its own servers can't spoof," the report said.
So the server can simply add a new member to a group with no interaction on the part of the administrator.
"The phone of every participant in the group then automatically shares secret keys with that new member, giving him or her full access to any future messages," the report added.
With over 1.2 billion monthly active users, WhatsApp is available in more than 50 different languages around the world and in 10 Indian languages.
Facebook-owned WhatsApp added end-to-end encryption to every conversation two years ago.
According to the researchers, once an attacker with control of the WhatsApp server had access to the conversation, he or she could also use the server to selectively block any messages in the group.
"He can cache all the message and then decide which get sent to whom and which not," Rosler said.
A WhatsApp spokesperson confirmed the findings to Wired, however adding that "no one can secretly add a new member to a group and a notification does go through that a new, unknown member has joined the group".
"We've looked at this issue carefully," the spokesperson added.
WhatsApp is likely to give group administrators more powers where they will be able to restrict all other members from sending text messages, photographs, videos, GIFs, documents or voice messages in case the admin thinks so.
According to WABetaInfo, a fan site that tests new WhatsApp features early, the popular mobile messaging platform has submitted the "Restricted Groups" setting via Google Play Beta Programme in the version 2.17.430.
Once restricted, other members will simply have to read their messages and will not be able to respond. They will have to use the "Message Admin" button to post a message or share media to the group.
Safaricom has suffered a voice and data outage affecting critical transmission equipment because of a damaged fibre link, Kenya’s biggest telecoms company said.
Rahul Gandhi today alleged there was certainly a "scam" in the controversial Rafale jet deal with France and accused Defence Minister Nirmala Sitharaman of doing a "flip-flop" on the secrecy clause.
Arvind Kejriwal announced that financial assistance for Resident Welfare Assocations (RWAs) and NGOs registered with the Delhi Parks and Gardens Society (DPGS) for maintenance of parks and gardens would be doubled from Rs 1 lakh to Rs 2 lakh.
U.S. director of intelligence Dan Coats said he in no way meant to be disrespectful toward President Donald Trump with what he called his “awkward response” to news of a second planned Trump summit with Russian President Vladimir Putin.
Volkswagen is renting parking spaces from August to stockpile vehicles which cannot be sold due to bottlenecks caused by new engine emissions tests, a spokeswoman said
The station, which was named after Lord Elphinstone, the Governor of Bombay Presidency from 1853 to 1860, has now been renamed in honour of a local deity.
Lavasa -an ultimate getaway, a city that would offer the charms of European locales, with five star comforts in a scenic part of Maharashtra has now become an abandoned town.
A second chargesheet by the ED has confirmed the trail of illegal cash Mallya transferred to his accounts across global tax havens.
Delayed payment by GMR-led DIAL, the Delhi airport operator, to the CISF guards could eventually lead to passengers paying more to fly out of the Indian Capital.
The West Bengal Police has claimed to have busted a Rs 100 crore plus job racket in the Indian Railways following a crucial arrest in the Indian Capital.