Breaking News

The failure of WHATSAPP that allows third parties to infiltrate a group and read their conversations

enero 12, 2018

The failure of WHATSAPP that allows third parties to infiltrate a group and read their conversations




If something is reiterated WhatsApp every time you force us to download a new version is that, since the platform installed its end-to-end encryption, our conversations in it are "safe and private."

But a team of researchers in Germany announced on Wednesday, during a conference in Switzerland, a system failure that allows third parties to infiltrate a private group and read the messages.

The cryptologists of Bochum University-Ruhr, in the northwestern part of the country, they published a report on January 6th: "More is less: on the end-to-end Security of Group chats in Signal, WhatsApp, and Threema" (More is less: about end-to-end encryption in group chats of Signal, WhatsApp and Threema ".

The document claimed that there is a vulnerability that makes it possible for a hacker to control the application's servers to add a new user to the group without permission from the administrator.

How to use Signal, Edward Snowden's safe messaging service
Five keys to understand the new encryption of WHATSAPP messages and how it affects you
The failure would allow the infiltrator not only to spy on the conversations, but also to store those data, said Paul Rösler, one of the investigators.

What is end-to-end encryption?

  • A unique encryption that does not need to create secret or special chats to protect privacy.
  • Restricts the possibility that third parties can decrypt these codes.
  • WHATSAPP has this system of encrypted messages from 2014.
  • Both Apple and Google apply the same system on their cell phones to protect sensitive information from possible hacker attacks.
  • There are other messaging applications with end-to-end encryption such as Telegram.
  • It is not possible to disable it and the changes are made automatically.
German specialists say that the error is that the process of inviting other people to the group does not have any authentication mechanism that cannot be falsified by those who manage the servers.

Therefore, if a hacker wants to take advantage of the system "just" has to access the servers of WHATSAPP and grant the necessary permissions to add himself (or another person) to the conversation.

"The confidentiality of the group is broken as soon as the uninvited member can get all the new messages and read them," Rösler explained in the report.

"If there is an end-to-end encryption, both for groups and for communications between two parties, that means that they must be protected from the possibility of new members being added. Otherwise, the value of the cipher is very little, "he added.

But wouldn't the members of the group realize that there is a new participant? What's the point of "sneaking in"?

Researchers say that attackers could use the vulnerability to fend off tricks with which to prevent group members from seeing that there is a new person, for example, blocking certain messages (like those that warn that a new person was added).

"Almost Impossible"

However, from WhatsApp ensure that the fault is not so serious.

Sources of the company told the technological magazine Wiredque know since July the existence of the error, and said that it is not possible to add a new person to a group in a secret way.



The company-which belongs to Facebook-assured that the problem is "theoretical" and was corrected with a new feature that makes it almost impossible for an attacker to decrypt the messages.

"We have analyzed this issue carefully," said a spokesperson for the company. "Platform members are notified every time someone new is added to a group of WhatsApp."

"We built WhatsApp so that group messages could not be sent to a hidden user. The privacy and security of our users is very important to us, so we collect very little information and all messages are sent with end-to-end encryption. "

Each time a person joins or leaves a group of WhatsApp, the members of it receive a "special" message in blue informing about it. The new members of the group do not have access to the messages that were sent before their arrival.

In addition, it is possible to check who are the members of the group by clicking on the tab "Information about the group". And each chat in WHATSAPP has a unique security code that is located in the contact Information screen and is available in QR code form and 60 digits.

The cryptologists of the university-Ruhr of Bochum, however, say that the technology company should add an even more robust form of authentication for the groups.

No hay comentarios

Suscribirse a: Enviar comentarios ( Atom )