This is because the app's end-to-end encryption, which was introduced two years ago, fails to keep communications between the members of a group chat secret.
A team of researchers at the Germany-based Ruhr University Bochum found that a series of flaws in the instant messaging app make users vulnerable to external snooping. The flaws affected the Threema and Signal messaging apps as well.
While the security flaws found in the latter two apps were harmless, the flaws discovered in WhatsApp were far more serious. Researchers found that anyone who manages to tap into the app's servers can insert snoopers into multi-person conversation groups, and this can be done behind the administrators' backs.
Researcher Paul Rösler noted that a third party can obtain access to all new messages. In other words, WhatsApp is not protected against the fraudulent addition of uninvited members, which renders the end-to-end encryption of the conversation useless.
WhatsApp Group Chats Vulnerable to Snooping
The only obstacle in hackers’ way is the requirement for them to control WhatsApp servers first. However, professional hackers can break into the servers, while spy agencies and WhatsApp employees can get that access with little to no effort.
The German research team found that hackers can exploit a security vulnerability in the messaging app. Only administrators can invite new members to a conversation group, but the operation does not require any authentication. As a result, a compromised server can invite new members without the administrators' consent.
When the hacker fraudulently joins the group, the phones of the other members start sending him the secret keys that give him access to future conversations. The hacker cannot access older messages, though.
Nevertheless, every member of the group is notified of the new invitation, so a vigilant administrator will be able to detect the unwanted member.
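The missing check described above, as an added example (a simplified model, not WhatsApp's protocol or the researchers' code): a client that trusts any server-relayed invitation beside one that only accepts invitations authenticated by an administrator. It assumes each member already shares a pairwise key with the administrator; all class, field and key names are hypothetical.

```python
import hashlib
import hmac
import json

def mac(key: bytes, event: dict) -> str:
    """Tag over a canonical encoding of a membership event."""
    body = json.dumps(event, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class NaiveMember:
    """Models the flaw: any 'add member' relayed by the server is accepted."""
    def __init__(self, roster):
        self.roster = set(roster)

    def on_add(self, msg):
        self.roster.add(msg["event"]["new_member"])
        return True  # the client would now share chat keys with the newcomer

class VerifyingMember:
    """Accepts an invitation only if an administrator authenticated it."""
    def __init__(self, group, roster, admin_keys):
        self.group, self.roster = group, set(roster)
        self.admin_keys = admin_keys  # assumed: admin name -> pairwise key
        self.seen = set()             # (admin, nonce) pairs, to reject replays

    def on_add(self, msg):
        event, tag = msg.get("event", {}), str(msg.get("tag", ""))
        admin, nonce = event.get("admin"), event.get("nonce")
        key = self.admin_keys.get(admin)
        if key is None or event.get("group") != self.group:
            return False
        if (admin, nonce) in self.seen:
            return False
        if not hmac.compare_digest(mac(key, event).encode(), tag.encode()):
            return False
        self.seen.add((admin, nonce))
        self.roster.add(event["new_member"])
        return True

def demo():
    key = b"constructed-pairwise-key-alice-bob"  # constructed sample value
    ev = {"group": "g1", "admin": "alice", "new_member": "carol", "nonce": 1}
    genuine = {"event": ev, "tag": mac(key, ev)}
    # What a server without the admin's key can produce: no valid tag.
    forged = {"event": dict(ev, new_member="mallory", nonce=2), "tag": "00" * 32}
    naive = NaiveMember({"alice", "bob"})
    bob = VerifyingMember("g1", {"alice", "bob"}, {"alice": key})
    return {"naive_forged": naive.on_add(forged),
            "genuine": bob.on_add(genuine), "replay": bob.on_add(genuine),
            "forged": bob.on_add(forged), "roster": sorted(bob.roster)}
```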