Facebook Dismisses Claim WhatsApp Chat Groups Can Be Infiltrated

German researchers have claimed there is a way to infiltrate WhatsApp’s group chats and listen on private messages, despite its end-to-end encryption.

It seems that anyone who controls WhatApp’s servers could insert new people into private group chats without needing admin permission.

But one Facebook official has hit back at the claim, and said that any members of a chat group would be notified if a new member joined, and there was no secret way into WhatsApp chats.

Infiltrating Chat

Researchers from the Ruhr University Bochum in Germany had announced they had discovered flaws in WhatsApp’s security at the Real World Crypto security conference in Switzerland, according to Wired.

That report stated that the researchers had found flaws in WhatsApp, to make infiltrating the app’s group chats much easier than ought to be possible. It cited the researchers as saying that anyone who controls WhatsApp’s servers could effortlessly insert new people into an otherwise private group.

This can apparently be done even without the permission of the administrator who controls access to that conversation.

And once that new person is added, the phone of each member of that chat group automatically shares secret keys with that person, giving them full access to all future messages, but not past ones.

“The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them,” Paul Rösler, one of the researchers told Wired.

The researchers recommend in their paper that users who rely on absolute privacy should stick to Signal or individual private messaging.

But there are a few issues with the researchers claims.

Firstly, control of WhatsApp servers tends to be only possible by Facebook (which owns WhatsApp), and governments who can demand access to the servers.

Or course, there is a possibility that hackers could gain control of WhatsApp servers, but this is somewhat unlikely.

And Facebook’s Chief Security Officer Alex Stamos took to Twitter to rubbish the claims. “Read the Wired article today about WhatsApp – scary headline! But there is no [sic] a secret way into WhatsApp groups chats,” he tweeted.

Essentially, Stamos said the researchers report was flawed, as no one can secretly add a new member to a group.

This is because a notification does go through that a new, unknown member has joined the group, alerting people of the new unknown member.

He also said there are multiple ways to check and verify the members of a group chat.

“In sum, the clear notifications and multiple ways of checking who is in your group prevents silent eavesdropping,” Stamos tweeted. “The content of messages sent in WhatsApp groups remain protected by end-to-end encryption.”

Silicon UK approached both WhatsApp and Facebook for comment, but received no reply at the time of writing.

Loading ...

WhatsApp Security

WhatsApp’s security has faces security questions before.

In 2015 the 200 million users of the WhatsApp Web service were warned they could be at risk of having malware installed on their machines without them knowing, after security experts at Check Point found an exploit that could allow attackers to trick victims into executing malware on their machines.

That same year, WhatsApp earned just one star out of a possible five for security in the Electronic Frontier Foundation’s (EFF) annual ‘Who has your back?’ security report.

WhatsApp had earned just one star because it failed to earn stars on disclosing government-issued data requests, disclosing policies on data retention, and following industry-accepted best practices for security.

And then last year, both WhatsApp and Telegram said they had patched ‘severe’ vulnerabilities, after Check Point flaws associated with the web versions of the chat applications.

That came after WikiLeaks published sensitive US intelligence data that revealed that American spy agencies such as the CIA supposedly had the ability to bypass the encryption on WhatsApp, Telegram and Signal.

Do you know all about security in 2017? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Bitcoin Value Reaches $63,000 Record High

The value of the Bitcoin cryptocurrency continues to fluctuate, but has now surpassed $63,000 in…

10 hours ago

Iran’s Natanz Cyberattack Blamed On Israel

Second Stuxnet? Iran's Natanz nuclear facility suffered another cyberattack at the weekend, with the finger…

11 hours ago

Google Founders Larry Page, Sergey Brin Personal Fortune Grows

Share surge in Alphabet over the past year allows founders Larry Page and Sergey Brin…

14 hours ago

Apple Teases New Devices With ‘Spring Loaded’ Event

New devices to be revealed next week may include new iPads, AirTags, or even augmented…

15 hours ago

Chip Shortage – Renault To Extend Idle Factories Until September

Three of Renault's four car factories in Spain will be partly idled until end of…

18 hours ago

NHS Website Crashes Briefly Amid Rush For Vaccine Bookings

After the government authorises Covid-19 vaccines for over 45s, NHS booking website crashes briefly under…

18 hours ago