17 January 2018

Alarming WhatsApp Security Flaw Permits People ‘spy on private chats’

A massive WhatsApp security flaw has been discovered that allows anyone to infiltrate people’s group chats.

Despite the service’s encryption, experts have said that hackers can insert anyone into WhatsApp groups without anyone knowing. The hackers can also insert the person without the permission of the chat’s admin — who usually has to approve people before they are added to the chat.

Despite the flaw being found, Facebook who owns WhatsApp, has said that they won’t be fixing the problem. They are adamant that group chats ‘remain protected’ by the app’s encryption.

Facebook’s Chief Security Officer Alex Stamos wrote on Twitter that the bug is not effective because WhatsApp users are notified when new members join conversations.

The study was presented at the Real World Crypto security conference in Zurich, Switzerland, by a group of researchers from Ruhr University Bochum in Germany. They found that anyone who has control over WhatsApp’s servers can add people to private group chats. These include staff, hackers and governments who legally demand access to WhatsApps conversations.

Researchers suggest that people who want to keep their privacy, stick to one on one chats or use a different encrypted messaging service for group chats.

In response to the study, which was first reported by Wired, Facebook’s Chief Security Officer Alex Stamos wrote on Twitter, ‘Read the Wired article today about WhatsApp – scary headline! But there is no a secret way into WhatsApp groups chats.’

He added that it’s a ‘stealthy’ strategy to spy on people’s conversations.

‘On WhatsApp, existing members of a group are notified when new people are added,’ he wrote.

‘WhatsApp is built so group messages cannot be send to hidden users and provides multiple ways for users to confirm who receives a message prior to it being sent.’

No comments:

Post a Comment