Skip to main content
  1. Home
  2. Mobile
  3. News

Hackers may be able to access private WhatsApp conversations

By

whatsapp
WhatsApp
Private conversations beware! Despite end-to-end encryption now being commonplace in WhatApp conversations, German cryptographers have discovered a minor flaw in WhatsApp’s security that could lead to private conversations being gatecrashed by uninvited hackers, bypassing the usual chat admin invitations.

In their paper, More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema, presented to other enthusiasts at the Real World Crypto Symposium in Zurich, Switzerland, the team warned that WhatsApp has no security measures to stop invitations being spoofed from their own servers, leaving a hole that could leave millions of conversations at risk of being snooped on.

Recommended Videos

But it’s not all bad news. Essentially, the hacker would need to be in control of WhatsApp’s main chat servers — a fairly tall order — and only then would they be able to bypass the group’s administrator and insert users into any conversation. However, anyone who did manage to achieve this would then have near limitless power within the chat, being able to selectively block message visibility from accounts, and even block users from participating in the chat.

Related

However, Facebook-owned WhatsApp doesn’t seem to be too worried about the potential hole in its security. A WhatsApp spokesperson (speaking to Wired) admitted that the flaw was real, but pointed out that there was no way that the added user could be hidden and receive messages from the group. WhatsApp has built-in security measures that stop hidden users from being able to participate in group chats, and anyone who wanted to snoop on a particular chat would find their cover quickly blown when the client announced their arrival to everyone in the chat, making it an inefficient way to spy on users. What’s more, disabling the flaw would likely break the “Group Invite Link” feature that many group chats enjoy — implying that the security issue likely stems from this particular feature.

However, Matthew Green of Johns Hopkins University called WhatsApp’s response “dumb,, likening it to leaving a bank’s vault open and relying on a single security camera to deter criminals. If any really sensitive information was stored in that group chat, then the hacker would have access to it, making WhatsApp’s lauded encryption useless.

WhatsApp has been in the news multiple times for reasons of security. After making all messages sent on its platform fully encrypted in 2016, the chat company has faced criticism from U.K. lawmakers, while action taken by Brazil was of a more serious nature.

Editors’ Recommendations

Topics
Mark Jansen
Mark Jansen
Contributor
Mark Jansen is an avid follower of everything that beeps, bloops, or makes pretty lights. He has a degree in Ancient &…
What is WhatsApp? How to use the app, tips, tricks, and more
WhatsApp logo on a phone.

There’s been no shortage of instant messaging apps over the past decade, as the rise of advanced smartphone platforms has created the need for more sophisticated ways to communicate than traditional SMS text messages allowed for.

In fact, the Apple App Store and Google Play Store are both littered with apps that promised to be the next big thing in mobile communications. Yet, many of those fell by the wayside as they failed to achieve the critical mass of users needed to make them useful. After all, apps designed for communicating with others don’t do you much good unless enough folks are using them.

Read more
Apple and Google are teaming up to make tracking devices less creepy
Apple AirTag lifestyle image.

Apple and Google are partnering to develop a new standard for Bluetooth tracking devices that seeks to stop malicious stalking and other abusive use of gadgets like the Apple AirTag. Essentially, this would be a universal, OS-level tracker detection and alert system that will work uniformly across Android and iOS. The two companies are inviting stakeholders to review the proposal and submit their feedback within the next three months.

Once the feedback period is over, all the involved parties will work together to finalize the technical standardization, with the hope of releasing a market-ready version by the end of the year. Following the release and adoption by makers of tracking devices, the tech will be generally made available via a software update for Android and iOS devices.
Better late than never

Read more
Check your Apple Card right now — you may have a crazy 10% cash-back promo
Daily Cash page for the Apple Card, showing a 10% back promo for grocery store purchases.

If you’re an Apple Card user, you may want to check if you have a new offer waiting for you that will net you up to 10% cash back on grocery store purchases. Yes, you read that correctly — 10% cash back.

Apple is quietly boosting Apple Card rewards with this new promotion that seems to only be available to select users through May 31. The timing of this offer follows the launch of the Apple Card Savings account earlier in the month.

Read more