So the server can simply add a new member to a group with no interaction on the part of the administrator.
Computer researchers have discovered a set of flaws in WhatsApp that could allow uninvited individuals into private group chats.
"The described weaknesses enable attacker A, who controls the WhatsApp server or can break the transport layer security, to take full control over a group".
Wired confirmed the researchers' findings with a WhatsApp spokesperson.
The vulnerabilities found in Threema and Signal are relatively harmless compared to the problems researchers found with WhatsApp, because of the relative ease with which new people can be inserted into private groups without any permission.
WhatsApp is likely to give group administrators more powers, letting them restrict all other members from sending text messages, photographs, videos, GIFs, documents or voice messages if the admin chooses to.
The attack apparently takes advantage of a bug in how WhatsApp handles group chats: while only the administrator of a group can invite new members, the platform does not use any authentication mechanism for an invitation that its own servers cannot spoof. To the group, it would appear as if the new member had the admin's permission to join.
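The gap described above, sketched as an added example (not code from WhatsApp, Signal or the researchers' paper): one client applies any membership change the server relays, the other accepts only changes authenticated with a key the server does not hold. The names `GroupClient` and `make_update`, the message layout and the use of an HMAC under a member-only group key in place of an admin signature are assumptions made for illustration.

```python
import hashlib, hmac, json
# Constructed demo value; assumed to be shared end to end by group members only.
GROUP_KEY = b"constructed-demo-key-unknown-to-server"

def _tag(key: bytes, body: dict) -> bytes:
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest().encode()

def make_update(key, group, admin, action, member, seq):  # admin side
    body = {"group": group, "admin": admin, "action": action, "member": member, "seq": seq}
    return {"body": body, "tag": _tag(key, body).decode()}

class GroupClient:
    def __init__(self, key, group, admins, members):
        self.key, self.group, self.last_seq = key, group, 0
        self.admins, self.members = set(admins), set(members)

    def _apply(self, body):
        if body["action"] == "add":
            self.members.add(body["member"])
        elif body["action"] == "remove":
            self.members.discard(body["member"])

    def apply_naive(self, update):  # behaviour the article describes: trust the server
        self._apply(update["body"])
        return True

    def apply_verified(self, update):
        """Accept only changes authenticated with a key the server lacks."""
        body, tag = update.get("body"), str(update.get("tag", "")).encode()
        if not isinstance(body, dict) or not hmac.compare_digest(_tag(self.key, body), tag):
            return False                      # server-made or tampered update
        if body.get("group") != self.group or body.get("admin") not in self.admins:
            return False                      # wrong group or not an admin
        if not isinstance(body.get("seq"), int) or body["seq"] <= self.last_seq:
            return False                      # replayed or reordered update
        self.last_seq = body["seq"]
        self._apply(body)
        return True

def demo():
    # Constructed update as a server could emit it: names the admin, carries no valid tag.
    spoofed = {"body": {"group": "g1", "admin": "alice", "action": "add",
                        "member": "mallory", "seq": 1}, "tag": ""}
    genuine = make_update(GROUP_KEY, "g1", "alice", "add", "carol", 1)
    naive, strict = (GroupClient(GROUP_KEY, "g1", {"alice"}, {"alice", "bob"}) for _ in range(2))
    naive.apply_naive(spoofed)
    results = [strict.apply_verified(u) for u in (spoofed, genuine, genuine)]
    return naive.members, strict.members, results
```

With a shared key any existing member could still forge an admin's update; a signature made with the admin's own key would close that as well.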
According to the researchers, once an attacker with control of the WhatsApp server had access to the conversation, he or she could also use the server to selectively block any messages in the group.
Moxie Marlinspike of Signal, on whose open-source security protocol WhatsApp is built, argued: "If someone hacks the WhatsApp server, they can obviously alter the group membership", but if they do add themselves to a group then, "The attacker will not see any past messages to the group; those were e2e encrypted with keys the attacker doesn't have and all group members will see that the attacker has joined". However, this is a security hole that cannot be excused, claims the report.
In their paper titled More is Less: On the End-to-End security of group chats in Signal, WhatsApp and Threema, they have outlined a series of flaws that allow an impostor to invade your group chats or, worse yet, control who gets added to or deleted from the group. The end-to-end encryption offered by WhatsApp should apply at the server level as well to prevent such issues.
According to WABetaInfo, a fan site that tests new WhatsApp features early, the popular mobile messaging platform has submitted the "Restricted Groups" setting via the Google Play Beta Programme in version 2.17.430.