DURBAN - Cryptographers from Germany have found a way to penetrate WhatsApp group chats despite the app's end-to-end encryption.
Researchers reported that they had found flaws in the security of the social networking app at the Real World Crypto security conference in Switzerland, according to Wired.com.
Anyone who controls the servers could add new people to private group chats without needing the admin's authority. Once the person enters the chat, the phone of each member of the group chat shares secret keys with the new person. This gives them complete access to all future messages, but not the old ones. It would appear as if the new person on the group chat had the authority of the admin to enter the chat.
Paul Rösler, one of the researchers, said, "The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them".
In the paper that sums up their findings, the researchers advised that users who rely on complete privacy should stick to Signal (an encrypted communications app) or private messaging.
On the surface, the social messaging app that is owned by Facebook seems to have a major security flaw. But how simple can it be to get access to the WhatsApp servers?
Staff and governments can legally demand access to the servers, and top-level hackers can control WhatsApp's servers.
Alex Stamos, the Chief Security Officer of Facebook, in response to the report said on Twitter, "[sic] Read the Wired article today about WhatsApp – scary headline! But there is no secret way into WhatsApp groups chats".
Stamos argued against the report, stating that there are many ways to check and validate the people on a group chat. He said that since all the members of a group chat can see who enters the chat, they will be informed of any eavesdroppers.
It is also worth asking what a redesigned WhatsApp would look like without this fault. Stamos said that redesigning WhatsApp would reduce its ease of use.
A security researcher at Signal, which licenses its protocol to WhatsApp, said that the current design of the app is fair and that the report only sends a message to other people not to "build security into your products, because that makes you a target for researchers, even if you make the right decisions".
- BUSINESS REPORT ONLINE