WhatsApp flaws

Researchers at Germany’s Ruhr University Bochum released a technical research paper outlining security shortcomings in WhatsApp, that could allow unauthorized users to infiltrate and spy on private group chats. 

WhatsApp, bought by Facebook in 2014, is widely considered a secure messaging platform that supports end-to-end encryption and is based on the app’s highly regarded Signal protocol, developed by Open Whisper Systems.

Some of the WhatsApp flaws are described in the paper’s abstract: 
 
“Our systematic analysis reveals that (1) the communications’ integrity – represented by the integrity of all exchanged messages – and (2) the groups’ closeness – represented by the members’ ability of managing the group – are not end-to-end protected. We additionally show that strong security properties, such as Future Secrecy which is a core part of the one-to-one communication in the Signal protocol, do not hold for its group communication.” 

The paper “More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema”, was released last week. 

According to a public statement, however, WhatsApp downplayed the impact of the group invite flaw since users can not secretly add a new member to a chat group.

Members would receive notifications when an unknown member joins the group.

Andy Greenberg from Wired.com also provided a nice article on the group invite bug. 

Leave a Reply

Close Menu