Gadgets Magazine

Potential Attackers: Exploit WhatsApp Flaws & Users Encrypted Chats

Posted on the 15 January 2018 by Ruby Mariah @rubymariah22

Potential Attackers: Exploit WhatsApp Flaws & Users Encrypted ChatsNow Potential Hackers can attack end-to-end encrypted group chats on WhatsApp messenger and the information of the users may compromise, according to the latest revelations that have popped up in the New Year. On the other hand, users of the social messaging app have to take precautionary measures against the attackers such as malicious user, network attacker and last but not the least malicious server. Furthermore, experts have an opinion that encryption protocol can play an effective role to protect the social messaging apps services.

WhatsApp messenger end-to-end encrypted group chats that users usually do on the social media platform may go into the wrong hands; new revelations of the year 2018 stated that. Therefore, users that are using the mighty messenger over the year have to make some decisions to secure the social messaging services to the fullest.

However, encryption protocol would be effective ones to secure the messenger encrypted group chats and the rest of others instant messaging services as well. The main reason behind the implementation of the end-to-end encryption to avoid the use of intermediate servers in that way that no one can get their hands on your messages, not even the company and the server that are able to transmit your data. In-short the information in the shape of messages or chats could not be compromised having end-to-end encryption.

It means if a company has got a corrupt employee then, he would not be able to get their hand on end-to-end encrypted communication happen between the other employees. Anyhow, all the trendy social messaging apps such as Whatsapp, Threema, and signal yet not have completely got the zero-knowledge system.

According to the researchers

The German researchers the University Of Bochum (RUB), the one that can get control on the WhatsApp instant messenger can secretly provide access to new members in a private chat group, that empowers them to get their hands on group conversations, and they don’t require permission from the admin

Researchers added that

Researchers have their view that, if users in the shape of pairs and doing communication, then the server can play a significant role, but on the other hand if the users are in a number of and making chat conversations, then the server becomes more important to deal with the whole process.

That’s where the real problems lie, having a blind trust in the company provided servers in order to deal with the members that have a complete privilege to the entire group conversations and the actions within. 

As already addressed in the latest published RUB paper, named “More is less: The group chats secured with the end-to-end encryption on messengers such as WhatsApp, Threema and others, “the mighty WhatsApp and Signal social messaging apps has failed to provide fully secured administrator and even not be able to prevent unauthorized person and member of the group to add anyone to the group chat.

Then what’s next, if you are worrying that the addition of the new member to the chat group also show you the visual notification to the members, in reality, it is not the case.

Researchers further added that,

They further stated that a rouge admin or the corrupt employee having complete access to the server can also exploit the group management messages that really have created to get alerts regarding the group members of new member.

They actually have explained the weaknesses an attacker a have, that actually has its control over Whatsapp server and even can bypass the transport layer security, and finally get control of the group. Moreover, getting access to the group may leave traces at the operation is been listed into the messenger’s group, “published in a newspaper.

At the end of the day, it can get the access to the sent messages, into the group, read the entire content initially and then further how the chat would be delivered to members. On the other hand, the social media app WhatsApp server can further deliver the messages to the individual members for precisely selected a combination of messages that help out to cover the traces. The instant messengers WhatsApp officials had their view that, if someone has added anyone to the group, then all the other members of the group get the notification for sure.

“We have not taken these issues for granted and have also looked into the issues seriously. The member of the group will be notified when someone has got access to the group and we have developed Whatsapp in such a way that group chat messages cannot send to a hidden user, “

Whatsapp spoke person further added that to the Wired.

“The privacy and protection of our users are very important for the Whatsapp. That’s a reason behind getting very less amount of data and messages are secured with the end-to-end encryption”.

On the other hand, if you are not the part of the group that has very few members, then users mostly ignore the notifications. Researchers further express their views and opinions that companies need to add an authentication mechanism and they should make it sure that “singed group management messages should come from the admin of the group. Anyhow, it is not that much easy for an attacker to execute such attempts, so users should not bother it.


Back to Featured Articles on Logo Paperblog