Share

Researchers show WhatsApp groups can be hacked

Johannesburg - Despite WhatsApp’s secure end-to-end encryption for messages, German researchers have found a loophole that could allow hackers to worm their way into WhatsApp's group chats. 

But management at WhatsApp’s parent company, Facebook insisted that there was no security threat.  

The researchers found that anyone who controls the app’s servers could insert new people into private group chats without needing admin permission.

After an initial story was published by Wired Facebook’s chief security officer, Alex Stamos tweeted that it was not possible to access WhatsApp group chats. 

“Read the Wired article today about WhatsApp – scary headline! But there is no a secret way into WhatsApp groups chats,” Stamos said on Twitter. 

In a further response from Stamos he said there were multiple ways to check and verify the members of a group chat. He argued that since all members of a group chat can see who joins a chat, they’ll be notified of any eavesdroppers.

At the moment WhatsApp servers can only be accessed by its employees and governments who follow the legal route to gain access through court orders. 

According to the research paper published by the German cryptographers "the subsequently described protocol design weakness allows an attacker, controlling some of the messages sent by the WhatsApp server, to become a member of the group or add other users to the group without any interaction of the other users.”

“The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them,” Paul Rösler, one of the researchers told Wired.

Also the mobile number of every participant in the WhatsApp group shares secret keys with the ‘new member’ giving them full access to future messages.

At present WhatsApp will only allow an administrator of a group to add or remove people and make certain changes to the group. 

In January last year, the Guardian newspaper reported that WhatsApp was vulnerable to interception, sparking concern over the app that marketed itself as a privacy leader.

The report said that WhatsApp messages could be read without its billion-plus users knowing this, due to a security backdoor in the way the company had implemented in its end-to-end encryption protocol.

The system relies on unique security keys "that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman," the report said.


* Sign up to Fin24's top news in your inbox: SUBSCRIBE TO FIN24 NEWSLETTER

We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
19.00
-0.3%
Rand - Pound
24.14
-0.1%
Rand - Euro
20.65
-0.3%
Rand - Aus dollar
12.38
+0.3%
Rand - Yen
0.13
+0.5%
Platinum
905.16
-2.0%
Palladium
1,006.63
+0.1%
Gold
2,157.24
-0.2%
Silver
24.94
-0.4%
Brent Crude
86.89
+1.8%
Top 40
66,252
0.0%
All Share
72,431
0.0%
Resource 10
53,317
0.0%
Industrial 25
100,473
0.0%
Financial 15
16,622
0.0%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders