In May 2016, Facebook-owned WhatsApp introduced end-to-end encryption for its users across the globe. This raised the bar for privacy in the digital messaging ecosystem. But it has become difficult for WhatsApp to keep up its security standards, most importantly when it comes to group chats.
A team of German researchers claims to have discovered flaws in WhatsApp group chat. They say they have found a way to breach WhatsApp's security and infiltrate group chats despite the end-to-end encryption.
The German cryptographers claim that the flaw makes it easy for anyone to infiltrate a private group chat without the permission of the group admin. WhatsApp, however, has rejected the claim.
The researchers, from Ruhr University Bochum in Germany, announced their findings at the "Real World Crypto Security Conference", which was held in Zurich, Switzerland, on January 10.
"The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them. If I hear there's end-to-end encryption for both groups and two-party communications that means adding of new members should be protected against. And if not, the value of encryption is very little," Paul Rösler, one of the Ruhr University researchers, told Wired.com.
In demonstrating how group chats on WhatsApp can be compromised, the report explains that the attack takes advantage of a small, simple bug to infiltrate the group conversation. Only an admin can invite new members to a group, but WhatsApp has no mechanism to authenticate that invitation, so its own server can spoof it.
In other words, the server can add a new member to the group without the administrator's consent.
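The gap described above, as an added sketch that is not taken from the researchers' report or from WhatsApp's code: a toy client that accepts any add-member message claiming to come from the admin, beside one that also requires a tag the server cannot compute. The message fields, the `GroupClient` class and the use of an HMAC under a key held only by members (standing in for an admin signature) are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

def tag(key, msg):
    """MAC over a canonical encoding of the membership message."""
    body = json.dumps(msg, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class GroupClient:
    """One member's view of a group (toy model, not WhatsApp's protocol)."""

    def __init__(self, members, admin, admin_key=None):
        self.members = set(members)
        self.admin = admin
        self.admin_key = admin_key  # None: client trusts whatever the server relays

    def handle_add(self, msg, mac=None):
        # Both clients check that the message claims to come from the admin.
        if msg.get("from") != self.admin:
            return False
        # Only the checking client demands proof the server cannot produce.
        if self.admin_key is not None:
            if mac is None or not hmac.compare_digest(mac, tag(self.admin_key, msg)):
                return False
        self.members.add(msg["add"])
        return True

def demo():
    admin_key = b"constructed-key-held-by-members-only"  # assumption: never sent to the server
    trusting = GroupClient({"alice", "bob"}, admin="alice")
    checking = GroupClient({"alice", "bob"}, admin="alice", admin_key=admin_key)
    # Constructed messages: the first is written by the server, the second by the admin.
    spoofed = {"group": "g1", "from": "alice", "add": "mallory"}
    genuine = {"group": "g1", "from": "alice", "add": "carol"}
    return {
        "trusting_accepts_spoof": trusting.handle_add(spoofed),
        "checking_accepts_spoof": checking.handle_add(spoofed),
        "checking_accepts_genuine": checking.handle_add(genuine, tag(admin_key, genuine)),
        "trusting_members": sorted(trusting.members),
        "checking_members": sorted(checking.members),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The toy omits replay protection; it only shows that a sender field set by the server proves nothing unless the client checks it against a key the server lacks.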
Responding to the report, WhatsApp said, "We've looked at this issue carefully. Existing members are notified when new people are added to a WhatsApp group. We built WhatsApp so group messages cannot be sent to a hidden user."
"The privacy and security of our users are incredibly important to WhatsApp. It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted."
In their report, the researchers also describe several methods that can be used to delay the detection of a new participant.