WhatsApp Security Flaw Could Allow Impostors To Enter Group Conversations


In response to the study, which was first reported by Wired, Facebook's Chief Security Officer Alex Stamos wrote on Twitter: 'Read the Wired article today about WhatsApp - scary headline!'

Typical group chats are managed by one person who is identified as the administrator of the chat.

But, as it turns out, the Signal protocol does not check whether the message was sent by an actual member of the group, meaning that anyone outside the group can send the message and, consequently, add a new user to the group.

It's not a problem that will impact most users, but chat apps like Signal and WhatsApp have been used for private conversations by everyone from politicians to government dissenters.

Following the presentation of the researchers at the forum, a WhatsApp spokesperson explained that the privacy and security of users is a top concern of theirs. "And if not, the value of encryption is very little".

"The described weaknesses enable attacker A, who controls the WhatsApp server or can break the transport layer security, to take full control over a group".

The security researchers do point out that the risk associated with the flaw is limited, because the hackers need to have access to WhatsApp servers to insert themselves into a group conversation.

The issue is that WhatsApp does not use any authentication mechanism for an invite sent out by a group administrator. Once a new member has been added this way, the phone of every participant in the group shares secret keys with that member, giving them access to future messages. If someone appears in the group who you think should not be there, it is probably time to jump ship. If the administrator is watching closely, he or she could warn the group's intended members about the interloper and the spoofed invitation message.
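The missing check described above, as an added example that is not WhatsApp's or Signal's code: a client that trusts any relayed "add member" message beside one that accepts it only when the administrator has authenticated it. The message layout, the class and function names and the HMAC key (standing in for an administrator signature, and assumed to be shared end-to-end so the server never holds it) are all hypothetical.

```python
import hashlib
import hmac
import json

def _tag(key: bytes, msg: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the management message."""
    return hmac.new(key, json.dumps(msg, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def make_add_member(admin_key: bytes, group: str, admin: str, member: str, ctr: int) -> dict:
    """Admin side: build an authenticated 'add member' message."""
    msg = {"type": "add", "group": group, "by": admin, "member": member, "ctr": ctr}
    return {"msg": msg, "tag": _tag(admin_key, msg)}

class GroupClient:
    def __init__(self, group: str, admin: str, members: set, admin_key: bytes):
        self.group, self.admin, self.members = group, admin, set(members)
        self.admin_key = admin_key  # assumption: end-to-end key, never seen by the server
        self.last_ctr = 0           # highest admin counter accepted so far

    def handle_unauthenticated(self, envelope: dict) -> bool:
        """Weak form: trust any 'add' message the server relays."""
        self.members.add(envelope["msg"]["member"])
        return True

    def handle_authenticated(self, envelope: dict) -> bool:
        """Hardened form: accept only a fresh message authenticated by the admin."""
        msg, tag = envelope.get("msg"), envelope.get("tag")
        if not isinstance(msg, dict) or not isinstance(tag, str):
            return False
        if (msg.get("type"), msg.get("group"), msg.get("by")) != ("add", self.group, self.admin):
            return False
        if not hmac.compare_digest(_tag(self.admin_key, msg).encode(), tag.encode()):
            return False
        ctr = msg.get("ctr")
        if not isinstance(ctr, int) or ctr <= self.last_ctr:
            return False  # replayed or reordered management message
        self.last_ctr = ctr
        self.members.add(msg["member"])
        return True

if __name__ == "__main__":
    key = b"\x01" * 32  # constructed sample key
    # Constructed server-injected message with no valid tag.
    forged = {"msg": {"type": "add", "group": "g1", "by": "alice", "member": "mallory", "ctr": 1}, "tag": "0" * 64}
    weak = GroupClient("g1", "alice", {"alice", "bob"}, key)
    strong = GroupClient("g1", "alice", {"alice", "bob"}, key)
    print(weak.handle_unauthenticated(forged), strong.handle_authenticated(forged))
    print(strong.handle_authenticated(make_add_member(key, "g1", "alice", "carol", 1)))
```

The counter check also covers a relayed message that is replayed or delivered out of order.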

The membership of a group can be seen by tapping on "group info".

Stamos argued against the report, stating that there are many ways to check and validate the people on a group chat.

Two years ago, the chat app added "end-to-end encryption", which is meant to make sure messages are scrambled so they can only be read by the people who are meant to receive them.

Computer researchers have discovered a set of flaws in WhatsApp that could allow uninvited individuals into private group chats.

Once restricted, other members will simply have to read their messages and will not be able to respond. The WhatsApp server can therefore use the fact that it can stealthily reorder and drop messages in the group.