A failure of WhatsApp allows anyone to read group chats - CYDIAPLUS.com


Post Top Ad

Post Top Ad

Thursday, 11 January 2018

A failure of WhatsApp allows anyone to read group chats

This 2018 promised very well for WhatsApp, which has just implemented important functions for the audios ... however a group of cryptographers from the University of Ruhr (Germany) has come up with an important vulnerability in the most popular messaging app on the planet that it would make it possible for anyone to enter to read the messages of a group chat .

How? But did not WhatsApp have robust end-to-end encryption as secure? As always in computing, a system is as secure as it has the same security as the weakest link in the chain, in this case access to the server. But it is not so simple: only a level hacker, an employee of the firm or the government could take advantage of this signature to enter our groups and read the messages.

Beware that this vulnerability that we echo does not only affect WhatsApp, but also Signal and Threema have it, but of course, given the popularity of the app owned by Zuckerberg, the biggest potential risks are there .

As they explain in their article entitled More is less: about the integral security of group chats in Signal, WhatsApp and Threema , which Gizmodo has translated perfectly:

The weaknesses described allow the attacker A, who controls the WhatsApp server or has managed to break the security of the transport layer, to take total control over a group. Entering the group leaves a trace, since the operation is reflected in the graphical user interface, but the WhatsApp server can reorder and release the messages stealthily in the group. In this way, it could cache the messages sent to the group, read its contents first and decide in which order they are delivered to the members. In addition, the server could forward these messages to members individually, so that a combination of messages chosen subtly could help you to cover your trail.

In short: the key to everything is the administrator and his permission to invite more people to the group . When someone manages to take control of the server, they can grant their permissions and add new users because this process is also easily falsifiable due to the lack of authentication mechanisms.

Since WhatsApp has confirmed that indeed, the attack could occur, but if someone managed to sneak into a group chat, it would be seen by the rest when the notification of the new member appears , skipping all the alarms.

So it is not so easy to access this vulnerability or the attack would be so silent , but it is not an excuse for WhatsApp to take action on the matter and solve it as soon as possible.

Via | Wired 

No comments:

Post a Comment

Post Top Ad