Your WhatsApp group might not be safe: German cryptographers have found a way to infiltrate chats despite the app’s end-to-end encryption. At the Real World Crypto security conference in Switzerland, researchers announced they had discovered flaws in WhatsApp’s security, Wired reports. Anyone who controls the app’s servers could insert new people into private group chats without needing admin permission.
Once a new person is in, the phone of each member of that group chat automatically shares secret keys with that person, giving them full access to all future messages, but not past ones. It would appear as if the new member had the permission of the admin to join.
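A simplified model of the gap described above, added here as an illustration and not taken from WhatsApp or the researchers' paper: one client accepts any membership notice the server relays, the other shares keys only when the add carries a proof it can check against a secret shared with the admin. The class, the field names and the HMAC-based proof are assumptions made for the example.

```python
import hashlib
import hmac
import os

def add_proof(key: bytes, group_id: str, new_member: str) -> bytes:
    """Admin's proof for one specific add (HMAC is an assumed stand-in)."""
    msg = f"add|{group_id}|{new_member}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class GroupMember:
    """Hypothetical client; not WhatsApp's actual protocol or code."""

    def __init__(self, group_id, admin, admin_key, verify_adds):
        self.group_id = group_id
        self.admin = admin
        self.admin_key = admin_key    # secret shared end to end with the admin
        self.verify_adds = verify_adds
        self.keys_shared_with = []    # who would receive future message keys

    def on_add_notice(self, new_member, added_by, proof=b""):
        """Process an 'added_by added new_member' notice relayed by the server."""
        if self.verify_adds:
            expected = add_proof(self.admin_key, self.group_id, new_member)
            if added_by != self.admin or not hmac.compare_digest(proof, expected):
                return False          # the server alone cannot vouch for an add
        self.keys_shared_with.append(new_member)
        return True

def run_demo():
    key = os.urandom(32)
    trusting = GroupMember("g1", "alice", key, verify_adds=False)
    checking = GroupMember("g1", "alice", key, verify_adds=True)
    carol_proof = add_proof(key, "g1", "carol")   # issued by the admin
    return {
        # Constructed notice that names the admin but carries no proof.
        "trusting_unproven": trusting.on_add_notice("mallory", "alice"),
        "checking_unproven": checking.on_add_notice("mallory", "alice"),
        # A proof issued for carol must not admit anyone else.
        "checking_reused": checking.on_add_notice("mallory", "alice", carol_proof),
        "checking_genuine": checking.on_add_notice("carol", "alice", carol_proof),
        "trusting_keys": trusting.keys_shared_with,
        "checking_keys": checking.keys_shared_with,
    }

if __name__ == "__main__":
    print(run_demo())
```

The trusting client ends up sharing keys with the unproven member, while the checking client shares them only with the member whose add the admin actually authenticated.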
Paul Rösler, one of the researchers, said that the confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them. In the paper summarizing their findings, the researchers recommend that users who rely on absolute privacy stick to Signal or individual private messaging.
Who controls WhatsApp servers?
Since WhatsApp is owned by Facebook, it is clear that this is a pretty big security flaw for the social media company. But how easy is it to gain access to the WhatsApp servers? The servers can only be controlled by staff, governments who legally demand access, and high-level hackers.
Facebook’s Chief Security Officer Alex Stamos responded to the report on Twitter, saying, “Read the Wired article today about WhatsApp – scary headline! But there is no [sic] a secret way into WhatsApp groups chats.”
Stamos objected to the report, stating that there are multiple ways to check and verify the members of a group chat. He argued that since all members of a group chat can see who joins a chat, they’ll be notified of any eavesdroppers. It’s also worth asking what a redesigned, secure WhatsApp would look like without this flaw. According to Stamos, if the app were to be redesigned, that would diminish how easy it is to use.