Privacy: WhatsApp's group messages might not be as secure as you think

WhatsApp

Image Credits Nu Data Security

After German cryptographers reported flaws that makes it possible to infiltrate WhatsApp's private group chats without admin permission, the Facebook-owned messaging platform said on Thursday its end-to-end encryption is impeccable and its over one billion users are at no data breach risk. It doesn't look like WhatsApp will be changing its stance anytime soon, so users will just have to keep an eye out for a suspicious new member of a group.

The study was presented at the Real World Crypto security conference in Zurich, Switzerland, by a group of researchers from Ruhr University Bochum in Germany. All group members are deemed administrators, and can thus add a new group member by sending an encrypted group management message to the other participants.

So far, we have been led to believe that end-to-end encryption in mobile phones and messaging apps like iMessage, WhatsApp and Telegram ensures that messages sent and received by users are so well scrambled that the services themselves can not access or read them.

"On WhatsApp, existing members of a group are notified when new people are added".

First Alexa-enabled digital glasses to debut at CES
In August, Microsoft tied-up with Amazon to let Cortana and Alexa work together - rivaling Google Assistant and Siri. Much of this success is due to the Echo's built-in voice-controlled intelligent virtual assistant, Alexa.

Security researcher Moxie Marlinspike in a forum post explained how WhatsApp group messaging works.

In the paper "More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema", released last week, researchers reveal flaws that counter the platforms' claims that their group chats are secure.

The only people who can get access to WhatsApp servers are staff and governments if they are taking some legal actions. Anyone who controls the app's servers could insert new people into private group chats without needing admin permission.

While the exploits in Threema and Signal seemed to be relatively harmless, WhatsApp had far more significant gaps in security. A report by Wired has confirmed these findings with a WhatsApp spokesperson.

James Franco's New York Times talk cancelled amid allegations
The Times said in a statement that "given the controversy surrounding recent allegations" it was cancelling the event. The new allegations regarding Franco follow a 2014 story where Franco tried to arrange a meet up with a 17-year-old.

Essentially, Stamos said the researchers report was flawed, as no one can secretly add a new member to a group. However, doing so leaves traces as this operation is listed in the graphical user interface and the WhatsApp server can thus use the fact that it can stealthily reorder and drop messages in the group. If they add themselves to the group: 1.

'We built WhatsApp so group messages can not be sent to a hidden user. An attacker who compromises the Telegram server can, undetected, recover every message that was sent in the past and receive all messages transmitted in the future without anyone receiving any notification at all. "There is no way to suppress this message".

The main problem is this: end-to-end encryption, which all of these messaging apps purport to offer, should not depend on uncompromised servers. "It could even prevent any administrator's attempt to remove the eavesdropper from the group if discovered", Rösler said.

HP recalls computer batteries over fire risk yet again
The batteries were also sold as accessories or replacement batteries for the HP ZBook Studio G4 mobile workstation. When enabled, Battery Safety Mode will discharge the battery and disable charging until the battery is replaced.

Latest News