WhatsApp Security News: Researchers Find Group Chat Vulnerability; Facebook Maintains Messaging App Is Secured

REUTERS/Dado Ruvic/Illustration/File PhotoA photo illustration shows a chain and a padlock in front of a displayed Whatsapp logo January 13, 2017.

Security researchers recently claimed that a WhatsApp vulnerability could allow attackers to invade private group chats. However, a Facebook executive maintained that the messaging app’s group chat feature was secure.

The WhatsApp security flaw was revealed in a comprehensive study conducted by Paul Rösler, Christian Mainka, and Jörg Schwenk from Germany’s Ruhr-University Bochum. The paper was released at the recent Real World Crypto security conference in Switzerland.

WhatsApp, a Facebook-owned messaging software, is one of the widely used communication apps with around a billion users worldwide. It introduced end-to-end encryption, which is also applied to its group chat feature, but the researchers claimed to have found a couple of weaknesses despite this security measure.

In the paper, it was mentioned that the discovered WhatsApp group chat vulnerabilities could allow an attacker “to burgle into a group” and “forge acknowledgments.”

An attacker could reportedly tinker with WhatsApp’s group protocol and rig messages from  the server so they would “become a member of the group or add other users to the group without any interaction of the other users.”

Ultimately, the researchers claimed that the vulnerability could let an attacker who had  access to the WhatsApp’s server to “break the transport layer security” and “take full control over a group” without the need for a confirmation from an administrator.

Once the WhatsApp server has been compromised, attackers can reportedly “reorder and drop messages in the group” or “read their content first and decide in which order they are delivered to the members.”

The company’s Chief Security Officer, Alex Stamos, reacted to the study through a series of social media posts on Twitter.

WIRED was one of the publications that reported on the research paper. Stamos shared this report on Twitter and commented: “Read the Wired article today about WhatsApp – scary headline! But there is no a secret way into WhatsApp groups chats.”

Stamos also mentioned in a number of follow-up posts that they had already studied the research “carefully” and explained that if an unauthorized person attacked following the researchers’ experiment, it “would necessitate a change to the way WhatsApp provides a popular feature called group invite links.”

“The content of messages sent in WhatsApp groups remain protected by end-to-end encryption,” Stamos added.

Article source: http://www.christianpost.com/news/whatsapp-security-news-researchers-find-group-chat-vulnerability-facebook-maintains-messaging-app-is-secured-213522/

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>