WhatsApp flaw might let joining group chats without permission

14 January, 2018, 00:16 | Author: Darrell Baldwin
  • Security- System Lock

Researchers in Germany say there is a flaw in WhatsApp that could allow an attacker to infiltrate group chats, according to Wired.

WhatsApp Messenger, which has made our lives easier and connected people like never before seems to be making headlines yet again. Facebook-owned WhatsApp has repeatedly claimed to offer total security for its users through its end-to-end encryption.

Researchers have discovered flaws in the way WhatsApp, Signal, and Threema messaging apps handle secure (encrypted) group communication, which could result in unauthorized users getting added to closed groups and monitoring future conversations within them.

The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them.

In a paper describing the flaw, titled "More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema", the researchers explain how someone could take advantage of it.

In a statement to Wired, WhatsApp said it had looked into the problem. The report also said that there is no authentication mechanism for the invitation that its own server can add to the group.

WhatsApp has started allowing users to "dismiss" administrators of group chats.




WhatsApp rolled out the mentions feature for its users back in 2016 in an attempt to improve the overall experience of the users. "And if not, the value of encryption is very little", further added Paul Rosler.

Two years ago, the chat app added "end-to-end encryption" which is meant to make sure messages are scrambled so they can only be read by people who are meant to receive them.

According to WABetaInfo, a site that tracks changes and upcoming features in WhatsApp, the Facebook-owned messaging app is now testing a new feature called "Mentions Notification" which notifies users whenever they are mentioned in a group chat and allows them to skip all the unwanted messages and view only the messages where they've been mentioned.

Once restricted, other members will simply have to read their messages and will not be able to respond. And, if you scroll through the unread messages in the WhatsApp group manually, then the button will vanish automatically. Since the group ID is a random 128-bit number (and is never revealed to non-group-members or even the server) that pretty much blocks the attack.

So if you see someone new entering your group, speak to the other members in private chats to confirm the new person's identity.

Alex Stamos, who heads up security at Facebook, said: "There is no secret way into WhatsApp group chats". Until then, all you can do is to keep an eye on the members being added to your group chat for any suspicious activity.

Recommended:

  • Virtual aide market a 'wildfire' at CES gadget show

    Virtual aide market a 'wildfire' at CES gadget show

    One of the most significant and most prominent Tech conventions in the world started from coming Sunday in Las Vegas. The technology show is covering 2.7 million square feet in Las Vegas and is scheduled to run until Friday.
    Kim Kardashian flaunts grill for first time since robbery

    Kim Kardashian flaunts grill for first time since robbery

    A source told Entertainment Tonight about the addition to their family: 'She'll be hands-on from the beginning'. Kim Kardashian's recent defense of her mum Kris Jenner over a body-shaming article is a case in point.
    Julian Assange Received a Civilian ID in Ecuador

    Julian Assange Received a Civilian ID in Ecuador

    What could happen to Julian Assange now? A United Nations panel had concluded in 2016 that Assange was under arbitrary detention. A statement by Mr Assange's legal team said: 'The UN ruling, issued nearly two years ago, is crystal clear in its language.
  • US Reaffirms Commitment to Secure India's NSG Membership

    US Reaffirms Commitment to Secure India's NSG Membership

    And we are working closely with India and our worldwide partners to secure India's membership in the Nuclear Suppliers Group", he said.
    Trident could be used AGAINST UK in 'devastating' nuclear missile cyber attack

    Trident could be used AGAINST UK in 'devastating' nuclear missile cyber attack

    It continues: "Cyber vulnerabilities within nuclear weapons systems and structures present a whole set of dangers and risks". Bruce Blair, a veteran nuclear launch officer and co-founder of the Global Zero movement to eliminate nuclear weapons.
    Canada says outbreak over

    Canada says outbreak over

    Currently, no common supplier, distributor, or retailer of leafy greens has been identified as a possible source of the outbreak. On Wednesday, the Public Health Agency of Canada announced it was no longer advising the public against eating romaine lettuce.
  • Google: We fixed Spectre and Meltdown with no performance loss

    Google: We fixed Spectre and Meltdown with no performance loss

    The company advised end-users to continue to apply updates recommended by their system and operating system providers. Intel processors are susceptible to both Meltdown and Spectre , so that accounts for some of the reaction.
    Dropbox confidentially files for IPO

    Dropbox confidentially files for IPO

    JPMorgan Chase & Co. and Goldman Sachs Group Inc. were named as the possible institutions that will lead in the future listing. For many years now, many have wondered why Dropbox was constantly holding out on going public, but better late than never.
    US House passes crucial spying law

    US House passes crucial spying law

    Another major loophole of Section 702 of FISA is that the government collects broad information "about" a target . The House has passed a bill to reauthorize a key foreign intelligence collection program with an important tweak.
  • California proposes more spending on schools and roads

    California proposes more spending on schools and roads

    Brown said Wednesday that the state is projecting a $6.1 billion surplus for the next fiscal year, which begins July 1. He argued for local empowerment but crafted his budget considering the realities of California's tax structure.
    State Department makes changes to travel warning system

    State Department makes changes to travel warning system

    State Department is warning tourists to "completely avoid" five states in Mexico because of rampant criminal and gang activity. Colima, Guerrero , Michoacán, Sinaloa and Tamaulipas have all been classified as a level 4 risk, the highest on the scale.
    Camila Cabello Opens Up About Why She Left Fifth Harmony

    Camila Cabello Opens Up About Why She Left Fifth Harmony

    Her single " Havana " has been sitting comfortably at the top of charts since it's release in summer 2017. Now, in a must-read new interview with the New York Times , Cabello is giving her side of the story.


Popular

Children's Health-Care Myths
The public health of our children should be the priority of every congressman, especially the senators from each state. CHIP expired September 30, threatening coverage for millions of recipients who would likely otherwise be uninsured.

IRS Unveils New Income Tax Withholding Guidelines
However, the situation has changed in recent times, with Swiss authorities showing greater willingness to cooperate with the IRS. Treasury would achieve that, the lawmakers surmised in the letter, by pushing the IRS to change its formula for withholdings.

White House personal cell phone ban starts next week
Acosta said he does not want to "dance around" Trump's "problem" in the area of race relations, and he expressed pain at saying the word Trump used.

Women's Working Group Invites Sex Assault Victims to State of Union
More recently, the group spearheaded a call for a Congressional investigation into sexual misconduct allegations against Trump. Democratic aides predicted other lawmakers will bring guests with perspectives relevant to the harassment debate.

NFL investigating whether Raiders violated Rooney Rule
The Raiders will host the Seahawks in the first NFL game at the new London stadium of English Premier League club Tottenham. Fritz Pollard Alliance chairman John Wooten sang a different tune last week when talking to ESPN .

LeBron Leads in 2nd All-Star Returns
The full team rosters will be revealed a week later, January 25 in a special one-hour edition of TNT NBA Tip-Off at 6 p.m. The Houston Rockets' James Harden has 978,540 votes and the Oklahoma City Thunder's Russell Westbrook 791,332.

New York City sues 'polluting' Shell, BP and others
ExxonMobil asked the Tarrant County District Court in Fort Worth to allow it to depose several California officials and others. New York Mayor Bill de Blasio announces a lawsuit against five oil companies at a press conference on January 10, 2018.

Australia announce Chris Lynn's replacement for ODI series against England
Maxwell's initial non-selection was due to his average of 22 across the last 20 ODIs, according to selector Trevor Hohns. Cameron White last played an ODI for Australia in January 2015, during the triangular series against England and India.

Titans to play LA Chargers in England
Gridiron fans will be able to sample the action once again at Wembley, as well as at Tottenham Hotspur's brand new stadium. And over the following fortnight Wembley will then stage two fixtures: Jaguars vs Eagles and Chargers vs Titans .

Hyrule Warriors: Definitive Edition Announced For Switch, Release Date Spring 2018
The Wii U's underratedDonkey Kong Country: Tropical Freeze is getting ported to the Switch, out on May 4th. It came out previous year on PlayStation 4 and PS Vita, and it's headed to Nintendo Switch this summer.