Researchers show WhatsApp groups can be hacked


Johannesburg - Despite WhatsApp’s secure end-to-end encryption for messages, German researchers have found a loophole that could allow hackers to worm their way into WhatsApp's group chats. 

But management at WhatsApp’s parent company, Facebook, insisted that there was no security threat.

The researchers found that anyone who controls the app’s servers could insert new people into private group chats without needing admin permission.

After an initial story was published by Wired, Facebook’s chief security officer, Alex Stamos, tweeted that it was not possible to access WhatsApp group chats.

“Read the Wired article today about WhatsApp – scary headline! But there is no secret way into WhatsApp group chats,” Stamos said on Twitter.

In a further response, Stamos said there were multiple ways to check and verify the members of a group chat. He argued that since all members of a group chat can see who joins a chat, they’ll be notified of any eavesdroppers.

At the moment WhatsApp servers can only be accessed by its employees and governments who follow the legal route to gain access through court orders. 

According to the research paper published by the German cryptographers, “the subsequently described protocol design weakness allows an attacker, controlling some of the messages sent by the WhatsApp server, to become a member of the group or add other users to the group without any interaction of the other users.”

“The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them,” Paul Rösler, one of the researchers, told Wired.

In addition, the mobile number of every participant in the WhatsApp group shares secret keys with the ‘new member’, giving them full access to future messages.

At present WhatsApp will only allow an administrator of a group to add or remove people and make certain changes to the group. 

In January last year, the Guardian newspaper reported that WhatsApp was vulnerable to interception, sparking concern over the app that marketed itself as a privacy leader.

The report said that WhatsApp messages could be read without its billion-plus users knowing this, due to a security backdoor in the way the company had implemented its end-to-end encryption protocol.

The system relies on unique security keys "that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman," the report said.

