WhatsApp Groups Can Be Hacked & Your Conversations Can Be Read, As Per Online Security Experts
If you think your family group chats on WhatsApp are a huge annoyance, always pinging you at the worst possible moments, they’re about to become a much bigger liability,
German security researchers have found a way to crack into WhatsApp group chats despite the app’s end-to-end encryption. They announced the exploit at the Real World Crypto security conference in Switzerland.
Paul Rösler, one of the Ruhr University researchers that co-authored the paper, told Wired that it requires the hacker be in control of the WhatsApp server for that group chat. No doubt, this limits the method to a very sophisticated hacker, but it’s possible nonetheless.
Once in control of the server, the hacker can then insert any new member into the group chat, without the admin’s permission. When that happens, each phone in the chat automatically shares its encryption keys with the new person, giving them access to all future messages in the group but not past ones.
“The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them,” Rösler said. The team found similar flaws in messaging apps like Signal and Threema, but they were far less vulnerable to exploitation.
Meanwhile, WhatsApp parent company Facebook is denying the exploit is at all a threat. “Scary headline! But there is no [sic] a secret way into WhatsApp groups chats,” Facebook Chief Security Officer Alex Stamos said on Twitter. After all, there’s the fact that the members in the group would see a new person joining and know they’re not supposed to be there.