<div style="margin:20px 0 0 200px"> To view the site, enable JavaScript by changing your browser options, then <a href="">Try Again</a>.</div>

Private end-to-end encrypted Whatsapp group chats are not secured anymore!

29 Jan, 2018
Private end-to-end encrypted Whatsapp group chats are not secured anymore!

Security researchers discovered a vulnerability in Whatsapp & Signal which allows anyone who controls the servers to covertly add new members in a private group.

The purpose of implementing end-to-end encryption was to stop anyone, be it the company himself or the server that transmits the data, from decrypting it. The vulnerability can enable anyone with the access to the server to break the transport security layer and take full control over a group chat. Since Whatsapp & Signal failed to authenticate who is adding a new member in the group, it is possible to add a member in a private group by someone who is neither a group administrator nor a member.

The end-to-end encryption feature relies on the generation of unique security keys using the acclaimed Signal protocol, developed by Open Whisper Systems. Keys are exchanged between users to guarantee communications are secure from interception by middlemen. But Whatsapp can force the new encryption keys to be made for offline users. That means new keys are generated when a user buys a new phone or reinstalls the app. Messages for the user which may have been waiting to be delivered while the user was offline are then re-encrypted and resent by the sender automatically, without the sender having had an opportunity to verify that the recipient is the person intended to receive the message. A sender is notified of the event if the sender has opted to turn on a notification in settings, but not otherwise.

In this process, the re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users' messages.

Individuals, as well as business houses, should also be extremely concerned as many work-related sensitive topics are shared in this platform.

According to the campaigners, it is a huge threat to 'Freedom of Speech'. If Whatsapp is asked by a Government agency to disclose the messaging records, it can easily grant access due to the change in keys. Thanks to the flaw, Whatsapp could potentially be exploited to conduct surveillance.

Whatsapp argued that existing members get notified when a new person is added to the group but if you are in a group of innumerable members, you are likely to ignore such notification easily.

Read Other Articles

Read All Articles »
Android Banking Trojan targets over 232 banking apps, including Indian banks
Android Banking Trojan targets over 232 banking apps, including Indian banks
Read Details »
Top Cyber Attacks In 2017
Top Cyber Attacks In 2017
Read Details »

Hacking Tools

Explore All Hacking Tools »
UFTP - UDP based FTP with encryption
UDP based FTP with encryption

UFTP is an encrypted multicast file transfer program for secure, reliable & efficient transfer of files. It also helps in data distribution over a satellite link.

Read Details

Breaking News

Breaking News Of Each Month »
ATMs turn into Jackpot machines!
ATMs turn into Jackpot machines!

At least six attacks have taken place within the last week. They ranged in location from the Pacific Northwest to the Gulf region to New England. Thieves have stolen over $1 million in attacks so far.

Read Details