A team of cryptographers recently found a flaw in WhatsApp’s group chats even after WhatsApp added the end to end encryption to the chats. The report claims that it is possible that anyone can read group chats without admin permission.
This report comes from the Wired.com, which states that some cryptographers from Ruhr University Bochum in Germany revealed this flaw on Wednesday at the “Real World Crypto Security Conference” in Zurich, Switzerland.
The report says that anyone who controls the WhatsApp server can easily insert new people into private group chats. This does not need require permission from the group’s admin and the new person added to the group can read the group chats easily.
Paul Roster, one of the Ruhr University researchers was quoted, “The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them.” The report also said that there is no authentication mechanism for the invitation that its own server can add to the group.
The server can easily spoof any new member to the group without asking for permission from the group administrator. WhatsApp is a widely used messenger and is available in more than 60 different languages which include 10 Indian languages.
According to the researchers at Ruhr University, if any hacker got the control over the WhatsApp server will get access to any group chat without admin permission. “He can cache all the message and then decide which get sent to whom and which not,” Mr. Roster added.
WABetaInfo submitted the “Restricted Groups” setting via Google Play Beta Programme in the version 2.17.430. Once restricted, another member won’t be able to respond but can read the chat. They have to use the “Message Admin” button to post anything in the group chat.