Whatsapp's Private Group Chats Can Be Hacked Without Admin Permission

Whatsapp emerged as one of the leading messenger apps in the world due to its end to end encryption feature that made it impossible for an outsider to secretly eavesdrop on your conversation. Thanks to that, the messaging app accumulated unwavering loyalty of more than 1 billion daily active users as announced by Whatsapp last July. A team of German cryptographers just discovered that ain’t true anymore as Whatsapp’s group chats could be infiltrated by potential “hackers” without admin’s approval.

The end-to-end encryption protocol served by the Facebook-owned company eliminated the three big players in security theft - malicious user, network attacker, and malicious server. The encryption security offered to the users made it impossible for any company including Whatsapp or any server that transmits the data to decrypt your messages or establish a centralized position to manipulate your data.

The tables have turned it seems, for Researchers from Ruhr-Universität Bochum (RUB) in Germany have found a shocking revelation stating, “Anyone who controls the app’s server could insert new people into private group chats without needing admin permission.” The report further explains that “Only an administrator of a Whatsapp group can invite new members, but Whatsapp doesn’t use any Authentication mechanism for the invitation that its own servers can’t spoof.” The absence of this authentication mechanisms allows the server to add a new member to a Whatsapp chat group without the permission of the group chat administration. According to the report, “The phone of every participant in the group then automatically shares secret keys with that new member, giving him or her full access to any future messages.”

Paul Rosler, one of the researchers explains, “The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them.” “He can cache all the messages and then decide which get sent to whom and which not,” Rosler added. The two-year-old end-to-end encryption has played a vital role in establishing Whatsapp’s credibility, however, with the latest flaw disclosed, the messaging app might expect a few controversies. 

Speaking of controversies, it wasn’t too long ago when Whatsapp was in trouble with Indonesian government for showcasing lewd GIF images. The country witnessed a lot of users exchanging information related to the pornographic content which led the Indonesian government to take the issue to Whatsapp. WhatsApp fired back stating that the company couldn’t monitor the GIF images due to its end-to-end encryption which is set to ensure that users and the individuals they are communicating with can only read the messages. The government even threatened to block the messaging app if the scenarios didn’t change. Whatsapp has become an integral part of digital communication. Despite having rival messaging apps like Signal, the Facebook-owned company has gathered unwavering loyalty. Naturally, if the company wants to maintain that, tighter security needs to be enforced.