WhatsApp flaw might allow joining group chats without permission

It can thereby cache messages sent to the group, read their content first and decide the order in which they are delivered to the members.

According to a report in Wired.com, the cryptographers from Ruhr University Bochum in Germany announced this at the "Real World Crypto Security Conference" in Zurich, Switzerland, on Wednesday.

Reacting to the report, Facebook Chief Security Officer Alex Stamos tweeted: "Read the Wired article about WhatsApp - scary headline!"

A bug in WhatsApp means it's possible to sneak into private chats without any admin permissions, despite the Facebook-owned company's best efforts with encryption. This does not mean that the remaining members of the group won't know that a new one has joined. The same security flaw also affects the Signal and Threema messaging apps, but not to the degree that WhatsApp is affected, according to the researchers. "Entering the group however leaves traces since this operation is listed in the graphical user interface", the paper states, though it adds that the flaws also allow the attacker to hide their tracks. A research paper released at a security event this week describes how group chats can be leveraged by snoops.

A flaw in popular encrypted chat programs WhatsApp, Threema and Signal theoretically allows nearly anyone to control important servers, bypass encryption and add themselves to group chats. The researchers say there are many risks in group chats where the hacker has control of the server, because they can then manipulate who gets what messages, delete messages and more.

They found that anyone with control over WhatsApp's servers can add people to private group chats, including staff, hackers and governments who legally demand access. Only the administrator of a WhatsApp group can invite new members, but WhatsApp doesn't use any authentication mechanism for that invitation that its own servers can't spoof.




WhatsApp said it had "carefully looked" at the flaw and reassured users that their encrypted messages were safe. If they add themselves to the group: 1.

"When an administrator wishes to add a member to a group, it sends a message to the server identifying the group and the member to add". One example attack posited that former members of groups could record the group ID and use that for future attacks.

The main problem is this: end-to-end encryption, which all of these messaging apps purport to offer, should not depend on uncompromised servers.
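The gap described above, as an added sketch that is not from the article or from WhatsApp's code: a member client that trusts any server-relayed add, next to one that accepts an add only when it carries a tag made with a key the server does not hold. All names (MemberClient, admin_authorize, the epoch counter) are hypothetical, and HMAC stands in for the admin signature a real design would use.

```python
import hashlib
import hmac
import json
import os

def encode(group, member, admin, epoch):
    # Canonical bytes of the membership change that get authenticated.
    return json.dumps(["add", group, member, admin, epoch]).encode()

def admin_authorize(key, group, member, admin, epoch):
    # Runs on the admin's device; the relaying server never holds `key`.
    # HMAC stands in for a signature so the sketch needs only the stdlib.
    tag = hmac.new(key, encode(group, member, admin, epoch), hashlib.sha256)
    return {"group": group, "member": member, "admin": admin,
            "epoch": epoch, "tag": tag.hexdigest()}

class MemberClient:
    def __init__(self, group, admin_keys, members):
        self.group, self.admin_keys = group, admin_keys
        self.members, self.epoch = set(members), 0

    def on_add_weak(self, c):
        # Behaviour the article describes: a server-relayed add is trusted.
        self.members.add(c["member"])
        return True

    def on_add_verified(self, c):
        key = self.admin_keys.get(c.get("admin"))
        if key is None or c.get("group") != self.group:
            return False
        if c.get("epoch") != self.epoch + 1:  # stale or replayed change
            return False
        msg = encode(c["group"], c.get("member"), c["admin"], c["epoch"])
        want = hmac.new(key, msg, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(want, str(c.get("tag", "")).encode()):
            return False
        self.members.add(c["member"])
        self.epoch += 1
        return True

def demo():
    key = os.urandom(32)  # constructed key the server never sees (assumption)
    forged = {"group": "g1", "member": "mallory", "admin": "alice",
              "epoch": 1, "tag": "00"}  # constructed server-made change
    weak = MemberClient("g1", {}, {"alice", "bob"})
    strict = MemberClient("g1", {"alice": key}, {"alice", "bob"})
    genuine = admin_authorize(key, "g1", "carol", "alice", 1)
    return (weak.on_add_weak(forged), strict.on_add_verified(forged),
            strict.on_add_verified(genuine), strict.on_add_verified(genuine))
```

The epoch check is what rejects a recorded change that is presented a second time, so the last call in demo() fails even though its tag is valid.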

'We built WhatsApp so group messages can not be sent to a hidden user.

WhatsApp acknowledged the flaw to Wired, although it emphasised that adding participants completely covertly is impossible because of the notification system. "It could even prevent any administrator's attempt to remove the eavesdropper from the group if discovered", Rösler said.

