Sci-tech

Security researchers flag invite bug in WhatsApp group chats

Security researchers flag invite bug in WhatsApp group chats”

The group discovered flaws in security protocol of group of three popular instant messaging apps with WhatsApp standing out considering it has 1 billion plus user base.

German cryptographers have found a way to infiltrate WhatsApp's group chats despite its end-to-end encryption.

"The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them", says Paul Rösler, one of the Ruhr University researchers who co-authored a paper on the group messaging vulnerabilities.

Facebook's Chief Security Officer Alex Stamos responded to the report on Twitter, saying, "Read the Wired article today about WhatsApp - scary headline!"

It also points out that WhatsApp users are able to view the membership of a group by tapping "group info", and can verify the security code of individual members for added security.

Now researchers have found a vulnerability in encrypted group chats on WhatsApp and Signal messaging apps that could allow an outsider to access and even manipulate personal conversations.

At the moment WhatsApp servers can only be accessed by its employees and governments who follow the legal route to gain access through court orders. The researchers looked at WhatsApp, Signal and Threema and showed their findings at the "Real World Crypto security conference" in Zurich, Switzerland, according to a report on Wired.

WhatsApp representatives told Wired there would be no fixes as a result of the research and that notifications of new chat additions are warning enough.

More news: MacOS High Sierra unlocks App Store Preferences with any password

So the server can simply add a new member to a group with no interaction on the part of the administrator.

WhatsApp is likely to give group administrators more powers where they will be able to restrict all other members from sending text messages, photographs, videos, GIFs, documents or voice messages in case the admin thinks so.

In their paper titled More is Less: On the End-to-End security of group chats in Signal, WhatsApp and Threema, they have outlined a series of flaws that allows an impostor to invade your group chats or worse yet, control who gets added or deleted to the group.

In a statement to IANS on Thursday, a WhatsApp spokesperson said: "We've looked at this issue carefully".

New additions to the group chat would be notified to all members of the chat just like normal.

The system relies on unique security keys "that are traded and verified between users to guarantee communications are secure and can not be intercepted by a middleman", the report said. While the company, which is owned by Facebook, acknowledges the issue of server security, the spokesperson pushed back on the idea that attackers could block, cache or otherwise prevent the alert that new members have been added.

"And in groups with multiple administrators, the hijacked server could spoof different messages to each administrator, making it appear that another one had invited the eavesdropper so that none raises an alarm".



Like this

loading...
loading...

Latest


11 January 2018
Body found of United States tourist who went missing on Larapinta Trail
The Larapinta Trail is a bushwalking track which runs west from Alice Springs to Mount Sonder along the West MacDonnell Ranges. The man's 40-year-old hiking companion told police the 33-year-old had run ahead of him as they descended the mountain.

11 January 2018
Marks & Spencer festive food and clothing sales fall
Online sales at M&S.com lifted 3%, while its ongoing move to pull out of global markets saw overseas sales slump 9.8%. Like-for-like sales for the combined UK & ROI business over the 19-week period grew by 2.2%.

11 January 2018
Black Friday and iPhone X sales drive 1.2 per cent rise
Data on Monday showed consumer confidence lifted late in December. The unemployment rate fell to 5.4% now from 5.9% in March.

11 January 2018
Catherine Deneuve accuses #Metoo of having a hatred of men
According to the writers, this is creating a public mood in which women are seen as powerless, as perpetual victims. The French broadcasting watchdog later called her comments "retrograde".

11 January 2018
Zuckerberg Makes Fixing Facebook His 'Personal Challenge' For 2018
He said, "For example, one of the most interesting questions in technology right now is about centralization vs decentralization". Zuckerberg is going to bring together groups of experts to discuss and help work through these challenges.

11 January 2018
Triple H Comments On Having Dinner With Ronda Rousey
Rousey has already done a promo for the WWE ...so the foundation has been laid out for her to really make the transition. Rousey has remained largely out of the spotlight since her last UFC fight, a December 2016 loss to Amanda Nunes.

11 January 2018
US Federal Energy Regulator rejected to subsidize coal and nuclear power plants
The decision by the Federal Energy Regulatory Commission (FERC) was handed down in a unanimous verdict by its five members, a majority of whom belong to the president's Republican Party.

11 January 2018
Alex Ross Explains Last Night's Obstructing The Field Dismissal
The match left social media divided over what the correct ruling should have been. Incidentally, Short's 69-ball 122 is the highest individual score in BBL history.

11 January 2018
U.S. declares highest-level travel warnings to several states in Mexico
The state with second-highest homicide rate - 61.6 per 100,000 - was Baja California Sur, home to the twin resorts of Los Cabos. They are: Chihuahua, Coahuila, Durango, Jalisco, Mexico , Morales, Nayarit, Nuevo Leon, San Luis Potosi, Sonora and Zacatecas.

11 January 2018
Prepare To Brave Darkest Dungeon On Nintendo Switch Next Week
There's no confirmed United Kingdom price just yet, but other versions come in around £18-£19 over here, so hopefully the Switch will be similar.