Forumsee logo
Forumsee » Hardware » Desktop & PC » Read message
RSS: Subscribe to RSS

Critical security flaw enables...

NotebookReview - forum.desktopreview.com
security flaw enables WhatsApp servers to add people to private groups

11 January 2018 | Author: Jay Jay

Researchers have uncovered a serious flaw in WhatsApp that allows anyone who control's WhatsApp servers to add new people to a group without obtaining permission from the administrator of the group.

The fact that those controlling WhatsApp's servers can access group messages destroys the idea of end-to-end encryption which was introduced to ensure that even messaging services won't be able to access individual communications.

Yesterday, we reported that FBI Director Christopher Wray asked messaging apps and social media companies to encryption backdoors exclusively for authorities so that they could nab criminals and deter crimes without compromising the security of the public at large.

The idea of creating a backdoor itself is absurd, considering how a small hack that allows authorities to bypass end-to-end encryption can be exploited or abused by cyber criminals and enemy states as well, thereby compromising the privacy of every single individual using a particular messaging service.

So far, we have been led to believe that end-to-end encryption in mobile phones and messaging apps like iMessage, WhatsApp and Telegram ensures that messages sent and received by users are so well scrambled that the services themselves cannot access or read them. In such a case, it is impossible for them to share details with enforcement agencies that they themselves cannot access.

However, a group of security researchers from the Ruhr University Bochum in Germany have revealed why that is not the case anymore. In a revelation that could change how much people trust services that offer end-to-end encryption, they said that a critical flaw, or feature, in WhatsApp allows anyone who control's WhatsApp servers to add new people to a group without obtaining permission from the administrator of the group.

New people added to a particular WhatsApp group without the administrator's permission will be able to read new messages posted by members of the group, thereby compromising the confidentiality and privacy that members belonging to a private WhatsApp group enjoy.

'The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them. If I hear there's end-to-end encryption for both groups and two-party communications, that means adding of new members should be protected against. And if not, the value of encryption is very little,'


Read responses in forum.notebookreview.com

Last videos:

Steelseries Rival 600
Steelseries Rival 600
Replacing Nvidia 980M with GTX 1070
Replacing Nvidia 980M with GTX 1070
Instrumental request :)
Instrumental request :)
Intel Optane 900d
Intel Optane 900d
Old Machine Mod
Old Machine Mod
Occasional problem with YouTube on desktop Windows
Occasional problem with YouTube on desktop Windows
Pump Resivour
Pump Resivour
A History of Nvidia GeForce
A History of Nvidia GeForce
Cars · 
Mobility · 
Hardware · 
Motorbikes · 
Travel · 
Boating · 
Aviation · 
production-frontend
About Forumsee · Contact · Privacy policy · Request content removal
We use cookies for navigation analysis and personalized advertisement. By using our site, you agree to our use of cookies.
Accept  ·  Learn more