Day 11 of 2018 and the internet is already overflowing with reports of hacks and breaches. And here is another dramatic disclosure joining the list.
Recently, a group of German cryptographers discovered a nasty flaw in WhatsApp that can infiltrate the app's group chats much easier than ought to be possible. Any outsider can eavesdrop on WhatsApp’s private end-to-end encrypted group chats.
Back in 2016, when Facebook-owned, WhatsApp added the end-to-end encryption to the chats for its users, the company raised the bar of privacy for digital communications. The main reason behind end-to-end encryption is to stop trusting the intermediate servers in such a way that no one, not even WhatsApp or the server that transmits the data, can decrypt any messages. But, the level of hackers’ know-how has reached the next level it seems like nothing is completely safe.
On Wednesday, at the Real World Crypto security conference in Zurich, Switzerland, a squad of brilliant researchers from the Ruhr University Bochum, Germany described a chain of flaws in encrypted messaging apps. According to the researchers, anyone who controls WhatsApp’s servers can secretly and anonymously add new members to a private group, allowing that new member to spy on the group conversations, even without the permission of the administrator.
In response to what the German researchers have stated, the mobile messaging giant, WhatsApp has argued that if any new member is added to a group, other group members will get notified for sure.
"We're looking at this issue carefully. Existing members are notified when new people are added to a WhatsApp group. We built WhatsApp so group messages cannot be sent to a hidden user," a WhatsApp spokesperson said. "The privacy and security of our users are incredibly important to us. That’s why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted."