Back in 2016, WhatsApp, the popular instant messaging app, introduced end-to-end encryption. This essentially meant that messages you send to a contact would be encrypted and then decrypted by the recipient’s phone. So theoretically, intercepting and reading a message would not be possible by a third party. Well, a group of German researchers seem to think different.
At a conference called the Real World Cryto security conference, a group of researchers from the Ruhr University Bochum in Germany spoke about flaws they have discovered in messaging apps such as WhatsApp, Signal and Threema, all of which use encryption methods to secure their messages. According to them, in comparison to Signal and Threema, WhatsApp has a higher security risk.
According to the researchers, the WhatsApp attack takes advantage of a basic flaw. Essentially, anyone who controls WhatsApp’s servers could easily add new unidentified people into WhatsApp groups without the permission of the group administrator despite the administrator having full access to adding and removing members.
As you know, only the administrator of a WhatsApp group can add/remove members. The problem is that WhatsApp doesn’t use any sort of authentication for the invitation. Accordingly, the server can just add a new member to an existing group without any interaction from the administrator.
Once the unidentified person has been injected into the group, the other members would receive a message informing them that a new member has been added, seemingly at the behest of the group admin. If the admin is keeping an eye on things, then he/she would know that a foreign party has entered the group and warn members about it.
Once the eavesdropper is in the group, he/she would have access to all future messages sent on the group as WhatsApp would generate secret keys for each member in the group and share it with the newcomer. Obviously, this would nullify what end-to-end encryption is because servers shouldn’t expose contents, even when exposed.
The researchers explained that since the attacker has control of the WhatsApp server, he/she could even manipulate the server to block out any messages in the group. This would include messages asking about the new member and even those that say to be wary of the newcomer.
Well, according to WhatsApp, owned by Facebook, WhatsApp servers can only be controlled by staff, Governments who legally demand access, and high-level hackers. This doesn’t really help in calming down the masses. Of course, in Sri Lanka, most people don’t really understand or realize the issue of privacy. In addition, the data protection act is not strictly enforced but it’s still a bit of a cause for alarm. It is quite unsettling to know that a government agent could just join a private group you’re in and just listen along to what’s happening.
Following the presentation of the researchers at the forum, a WhatsApp spokesperson explained that the privacy and security of users is a top concern of theirs. In reality, an attack of this nature is bound to be uncovered sooner or later. Despite the sheer number of members in a group, someone is bound to notice an unexpected “guest” in their group.
WhatsApp staff have also notified the researchers that they have fixed one component of the encryption so that future messages would not be infiltrated by unknown parties. They also told the researchers that the group invitation bug was “theoretical” and would not qualify for Facebook’s bug bounty program. This is where researchers are paid to report hack able flaws in the company’s software.
Overall, even if this sort of attack is possible or not, it always helps to keep a keen eye on the members of any WhatsApp group you’re in. If you notice anyone who should not be there, immediately notify the group admin. If you are the group admin, make sure you’re familiar with everyone in the group.
Subscribe to our mailing list and get interesting stuff and updates to your email inbox.
thank you for subscribing 🙂
awww something went wrong 🙁
We respect your privacy and take protecting it seriously
What kicked off in 2011 as a friendly gaming event has now developed into a fully-fledged gaming tournament. With the goal of promoting team building, leadership, and planning, the Virtusa
What kicked off in 2011 as a friendly gaming event has now developed into a fully-fledged gaming tournament. With the goal of promoting team building, leadership, and planning, the Virtusa LAN Challenge 2018 is happening.
Semi-Finals of the internal tournament will take place on the 22nd and 23rd of January 2018 at Virtusa premises.
january 22 (Monday) - 23 (Tuesday)
Virtusa Pvt. Ltd. 752, Dr Danister De Silva Mawatha, Colombo 09
The main purpose of the workshop is to give students the ability to analyze and present data by using Azure Machine Learning, and to provide an introduction to the use
The main purpose of the workshop is to give students the ability to analyze and present data by using Azure Machine Learning, and to provide an introduction to the use of machine learning and big data.
Module 1: Introduction to Machine Learning
This module introduces machine learning and discussed how algorithms and languages are used.
· What is machine learning?
· Introduction to machine learning algorithms
· Introduction to machine learning languages
Module 2: Introduction to Azure Machine Learning
Describe the purpose of Azure Machine Learning, and list the main features of Azure Machine Learning Studio.
· Azure machine learning overview
· Introduction to Azure machine learning studio
· Developing and hosting Azure machine learning applications
Module 3: Managing Datasets
At the end of this module the student will be able to explore various types of data in Azure machine learning.
· Categorizing your data
· Importing data to Azure machine learning
· Exploring and transforming data in Azure machine learning
Module 4: Building Azure Machine Learning Models
This module describes how to use regression algorithms and neural networks with Azure machine learning.
· Azure machine learning workflows
· Using regression algorithms
· Using neural networks
Module 5: Using Azure Machine Learning Models
This module explores how to provide end users with Azure machine learning services, and how to share data generated from Azure machine learning models.
· Deploying and publishing models
· Consuming Experiments
Module 6: Using Cognitive Services
This module introduces the cognitive services APIs for text and image processing to create a recommendation application, and describes the use of neural networks with Azure machine learning.
· Cognitive services overview
· Processing language
· Processing images and video
· Recommending products
Feel free to contact us for any inquiries
uditha bandara – 0716092918
All Day (Wednesday)
ANC education ,310 R A De Mel Mw, Colombo 03 00300
Blue Chip Training0716092918
Startup Weekend is a global phenomenon - 54 hours of fast and furious prototype development through to exploring potential markets and pitching. It’s an unparalleled opportunity to build lasting relationships
Startup Weekend is a global phenomenon – 54 hours of fast and furious prototype development through to exploring potential markets and pitching. It’s an unparalleled opportunity to build lasting relationships with co-founders; mentors, and investors.
The real value comes from taking an idea from concept through to execution using Lean tactics and working under high pressure with the best startups.
26 (Friday) 5:00 pm - 28 (Sunday) 8:00 pm
Oak Ray Regency Kandy
Oak Ray Regency Kandy, No 9, Devani Rajasinghe Mawatha,, 20000 Kandy