Researchers claim WhatsApp group chats vulnerable, company denies

12 January, 2018, 15:15 | Author: Pamela Mathis
  • WhatsApp

According to a report in Wired, the researchers say that anyone who controls WhatsApp's servers can add people into private group chats, without getting the admin's permission.

The issues are encryption flaws and were detailed at the Real Word Crypto security conference in Zurich, Switzerland by researchers from Ruhr University Bochum in Germany.

The other participants will get a notification about a new user joining the group, but they have no way of knowing whether the new member was invited by the administrator (s). WhatsApp is a widely used messenger and is available in more than 60 different languages which include 10 Indian languages.

That any would-be eavesdropper would have to control the WhatsApp server limits the spying method to sophisticated hackers who could compromise those servers, WhatsApp staffers, or governments who legally coerce WhatsApp to give them access.

German cryptographers have found a way to infiltrate WhatsApp's group chats despite its end-to-end encryption.

First Official Venom Film Image Confirms Villain
Sam Raimi experimented with this storyline in "Spider-Man 3", where Topher Grace played the movie's first iteration of Brock/Venom.

In a paper describing the flaw, titled "More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema", the researchers explain how someone could take advantage of it.

WhatsApp has confirmed the researchers' findings but points out that it is not possible to add a new member to a group without members of that group being notified.

The application has already submitted the "Restricted Groups" setting via Google Play Beta Programme in the version 2.17.430 which will restrict other members from responding to group messages without the administrator's approval. They will have to use the "Message Admin" button to post a message or share media to the group. The flaw means that anyone in control of a WhatsApp server could, in theory, insert people into a conversation - either with the aim of simply eavesdropping, or diverting the conversation. Since the group ID is a random 128-bit number (and is never revealed to non-group-members or even the server) that pretty much blocks the attack.

Security experts note that WhatsApp threat might seem like an alarming flaw. "I think it would be better if the server didn't have metadata visibility into group membership, but that's a largely unsolved problem, and it's unrelated to confidentiality of group messages", he added. "And if not, the value of encryption is very little", researcher Paul Rösler was quoted saying in the report.

WhatsApp is working on a new group notifications feature where a user will be notified every time they are mentioned by someone.



Pakistan Suspends Military, Intelligence Cooperation With US
India has contributed a great deal in terms of developmental aid to Afghanistan, the Pentagon said today, adding that the United States wants to work with India in the region. "9/11 attacks you know had their roots in this region".

Critics' Choice Awards 2018: 'Shape of Water,' 'Big Little Lies' win big!
Nicole Kidman won a Critics' Choice Award for her role in Big Little Lies and this time thanked all her children. When I started my career, I couldn't get to the reviews fast enough.

'I was the victim': Kerrigan snaps over I, Tonya
February 1, 1994: Gillooly pleads guilty to racketeering in exchange for a 24-month sentence February 10, 1994: Harding sues U.S. She said she also didn't watch the Golden Globes , because she was in San Jose for the US national figure skating championships.

PM wages war on plastic in new environment plan
The organisation also questioned why such a 25-year timescale was necessary for eliminating "avoidable" plastic waste. By that time, we would have added, at the current rate, nearly another 300million tonnes of plastic to our oceans.

Nintendo Direct Round-Up; Everything New Coming to Nintendo Switch
Wave 1 , releasing on January 31 will introduce the new battle character Aegislash with the support set Mega Rayquaza and Mimikyu. Now, the action RPG is coming to the Switch , delivering spruced up visuals, a new epilogue and rejigged controls.

Moline location closed amid nationwide shut down of Sam's Club stores
Sam's Club is so far asking those reaching out to contact the company via private message on Twitter to resolve individual cases. Corona said he will still be working at the store until it closes on January 26, a requirement to receive his severance.

Trump Suggests He Has 'Very Good Relationship' With North Korea's Kim
While Trump has referred to Jong-un as " rocket man ", his rival had previously called him a "mentally deranged dotard ". Trump has in the past called Kim "short and fat" and "a bad dude". "Not helpful enough, but they have been very helpful.

Liverpool could replace Coutinho with AC Milan's Suso
The man who remains at Liverpool took to social media to express his sadness at no longer being able to work with Coutinho . Firmino recently wrote on Instagram about how the club was different without his compatriot Coutinho .

Iran nuclear deal criticised by Trump is working, says EU's Federica Mogherini
On Friday, Mr Trump is set to decide whether to extend relief for Iran from some U.S. economic sanctions. Britain's foreign secretary says alongside the pact, Tehran must be pressed on other issues.

Woman returns 'dead' Christmas tree to Costco in January for full refund
The unimpressed shopper behind her took a photo of her with the large (and yes, dead) tree next to her in the queue at Costco . A furious woman in California created a commotion at a popular wholesale outlet as she came to return her Christmas tree.