WhatsApp likes to brag about its end-to-end encryption, but researchers from Germany’s Ruhr University Bochum have discovered a flaw that could allow unwanted eyes to spy upon your private group chats.
In a technical research paper that explores the end-to-end security of three different secure messaging apps capable of allowing “private” group chats, researchers found the most serious shortcomings in the immensely popular WhatsApp platform.
The research paper, presented at the Real World Crypto security conference in Switzerland, describes how it would be possible for a complete stranger to add themselves to an encrypted WhatsApp group chat. Although past messages sent to the group would not be visible to the intruder, they could receive future messages.
Clearly, that’s far from good news, but avid WhatsApp users will be relieved to hear that the addition of the unauthorized party is no secret. Every member of the group receives a message saying that someone new has joined the chat, albeit apparently at the invitation of the group chat’s administrator.
Eagle-eyed members of the group, of the administrator themselves, may notice the interloper and warn the legitimate group’s members.
Furthermore, for someone to insert themselves into a group chat – they need to have first gained control over WhatsApp’s servers – something that would, one hopes, be beyond the abilities of the typical hacker but may be within the realm of a state-sponsored attacker or a regime that is able to put legal pressure on the company.
WhatsApp’s failing is possible because the platform fails to properly authenticate group invitations, the paper makes clear:
The described weaknesses enable attacker A, who controls the WhatsApp server or can break the transport layer security, to take full control over a group. Entering the group, however, leaves traces, since this operation is listed in the graphical user interface. The WhatsApp server can therefore use the fact that it can stealthily reorder and drop messages in the group. Thereby it can cache sent messages to the group, read their content first and decide in which order they are delivered to the members. Additionally the WhatsApp server can forward these messages to the members individually such that a subtly chosen combination of messages can help it to cover the traces.
As respected cryptography expert Matthew Green explains, the attacks are difficult to pull off successfully, and “nobody needs to panic.”
Nonetheless, that doesn’t mean that the problem should be ignored. Green told Wired that “It’s just a total screw-up” and described the flaw as “eminently fixable.”
In their technical paper, the researchers recommend that group management messages are signed so they can be properly authenticated:
In order to ensure that only administrators of a group can manipulate the member set, the authenticity of group manipulation messages needs to be protected. This can be achieved, for example, by signing these messages with the administrator’s group signature key.
Even though typical WhatsApp users may not lose too much sleep about this particular attack, it may certainly be a concern for journalists and whistleblowers who might have been attracted to WhatsApp in the misguided belief that it delivered total security and privacy.
A WhatsApp spokesperson confirmed the researchers’ findings but reiterated that chat group members would be notified if new parties were added to a conversation:
We’ve looked at this issue carefully. Existing members are notified when new people are added to a WhatsApp group. We built WhatsApp so group messages cannot be sent to a hidden user. The privacy and security of our users is incredibly important to WhatsApp. It’s why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted.
That response may be technically accurate, but I think most WhatsApp users would expect a group chat’s membership to be controlled by the group’s administrator – and not something that could be manipulated by an unauthorized party.
Let’s hope that WhatsApp responds appropriately to the researchers’ findings and plugs this security hole before the threat evolves from being purely theoretical to real life.