undergroundnewsroom.com
undergroundnewsroom.com January 23, 2018


WhatsApp Group Chats Can Be Easily Hacked, Even With End-to-End Encryption

12 January 2018, 03:27 | Jenny Fowler

WhatsApp Encryption Flaw Allows Servers To Add People To Private Groups Without Permission By Jing Xie

WhatsApp Encryption Flaw Allows Servers To Add People To Private Groups Without Permission				
						
		
													
											By				
		Jing Xie

A security flaw in the encrypted mobile messaging service WhatsApp could enable hackers to spy on private group chats, researchers warn.

Security researchers have discovered a method of infiltrating group chats in WhatsApp, effectively rendering the chat tool's end-to-end encryption useless.

According to the report, while Signal and Threema's flaws were not so serious, with WhatsApp they released that anyone with control of the app's servers could insert new people into private groups.

"The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them", Paul Rösler, one of the researchers told Wired.

If admin creates a group chat, he or she has a right to add other members.

According to the researchers, the real power of any group chat lies in the hands of the one who controls the WhatsApp servers and not the groups admin.

New additions to the group chat would be notified to all members of the chat just like normal.

Once a new person is in, the phone of each member of that group chat automatically shares secret keys with that person, giving them full access to all future messages, but not past ones.

Uber and Volkswagen partner with Nvidia on self-driving AI chips
The technology will enable intelligent co-pilot capabilities based on processing sensor data, both inside and outside the auto . This is just one of the many partnerships that NVIDIA has inked to further its position in the self-driving technology arena.

Twitch announces exclusive Overwatch League livestreaming deal
Aside from China, the new agreement provides exclusive worldwide coverage of all of the first two seasons of Overwatch League . Each skin costs 100 League Tokens - the new in-game currency introduced to separate OWL purchases from the rest of the game.

Astros acquire Gerrit Cole from Pirates, trade complete?
Shortly after, FOX Sports reporter Ken Rosenthal, who previously said a deal was "close", appeared to walk back his claim. The Yankees' rotation now includes Luis Severino, Masahiro Tanaka, Sonny Gray and CC Sabathia .

With over 1.2 billion monthly active users, WhatsApp is available in more than 50 different languages around the world and in 10 Indian languages.

In response to the study, Facebook, which owns WhatsApp, has said it won't fix the problem, and that group chats "remain protected" by the app's encryption. "This means the privacy of your end-to-end encrypted group chat is only guaranteed if you actually trust the WhatsApp server". A report by Wired has confirmed these findings with a WhatsApp spokesperson.

"The privacy and security of our users is incredibly important to WhatsApp".

And Facebook's Chief Security Officer Alex Stamos took to Twitter to rubbish the claims.

Yesterday, we reported that FBI Director Christopher Wray asked messaging apps and social media companies to create encryption backdoors exclusively for authorities so that they could nab criminals and deter crimes without compromising the security of the public at large.

The only people who can get access to WhatsApp servers are staff and governments if they are taking some legal actions. In such a case, it is impossible for them to share details with enforcement agencies that they themselves can not access. Since the group ID is a random 128-bit number (and is never revealed to non-group-members or even the server) that pretty much blocks the attack. "There is no way to suppress this message".

Given the alternatives, I think that's a pretty reasonable design decision, and I think this headline pretty substantially mischaracterizes the situation. It is said that this flaw can comprise of the end-to-end encryption of the messaging platform.



Other News

Trending Now

Facebook M, the company's smart assistant, is retiring
According to a Verge report, employees who were working on M will be accommodated in other departments at the company. Facebook has now confirmed that it's going to shut down the M virtual assistant on January 19th.

Google Unifies Its Payment Platforms, Introduces Google Pay
After years of brainstorming - Google finally has had the genius idea of unifying both these platforms under a single brand. Bhat says Google Pay is already available on Airbnb , Dice, Fandango, HungryHouse , Instacart, and other apps and websites.

Assange, now Ecuadoran citizen, still can't leave embassy
Mr Assange then chose Ecuador as his best option to seek asylum when he lost his appeal against extradition to Sweden . According to London's Metropolitan Police, he will be arrested if he leaves the embassy building.

Samsung introduces The Wall, world's first consumer 146-inch MicroLED modular television
It will be available globally but will first come to Korea and the United States in the second half of this year. South Korea and the U.S. will be able to purchase a QLED TV with upscaling to 8K in the second half of 2018.

Pink to sing National Anthem at the Super Bowl 2018
Pop star P!NK will sing the national anthem before Super Bowl LII in Minneapolis next month, the NFL announced Monday. Last year, Lady Gaga played the halftime gig after singing the anthem the year before.

Browns hiring former Packers executive Eliot Wolf
The Cleveland Browns have made a concerted effort over the last several weeks to refigure their front office with new personnel. Dorsey and Wolf, son of former Packers General Manager Ron Wolf, worked together for nine years in Green Bay.

Don't Pass Surveillance Legislation in the Dark
Section 702 is due to expire next week, though intelligence officials say it could continue until April. We need to make sure somebody is watching and there are checks and balances".

As Peak Flu Season Looms, Hospitals Gear Up for Patients
From Colquitt and Tift Regional Medical Center to Phoebe Putney Memorial, hospitals are starting to see cases of the flu. Before 2017, the highest number of Swine flu deaths was reported in 2015 when 21 people died of Swine Flu in the state.

Risky flu season leaves 5 dead in CT
As of December 30, 2017, there have been 27 reports of influenza-associated deaths in patients under 65 years old in California . Commonly-prescribed drugs like oseltamivir, with the brand name Tamiflu, has become hard to find because of the insistent demand.

Restoration of net neutrality rules hits key milestone in Senate
But fear not-there are a number of other ways people are fighting the end of net neutrality, from lawsuits to local legislation . Before this, a lot of the same big tech companies were fairly passive and inactive during the initial protests of the repeal.