Skip to main content
  1. Home
  2. Mobile
  3. News

Hackers may be able to access private WhatsApp conversations

By

whatsapp
WhatsApp
Private conversations beware! Despite end-to-end encryption now being commonplace in WhatApp conversations, German cryptographers have discovered a minor flaw in WhatsApp’s security that could lead to private conversations being gatecrashed by uninvited hackers, bypassing the usual chat admin invitations.

In their paper, More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema, presented to other enthusiasts at the Real World Crypto Symposium in Zurich, Switzerland, the team warned that WhatsApp has no security measures to stop invitations being spoofed from their own servers, leaving a hole that could leave millions of conversations at risk of being snooped on.

But it’s not all bad news. Essentially, the hacker would need to be in control of WhatsApp’s main chat servers — a fairly tall order — and only then would they be able to bypass the group’s administrator and insert users into any conversation. However, anyone who did manage to achieve this would then have near limitless power within the chat, being able to selectively block message visibility from accounts, and even block users from participating in the chat.

Related

However, Facebook-owned WhatsApp doesn’t seem to be too worried about the potential hole in its security. A WhatsApp spokesperson (speaking to Wired) admitted that the flaw was real, but pointed out that there was no way that the added user could be hidden and receive messages from the group. WhatsApp has built-in security measures that stop hidden users from being able to participate in group chats, and anyone who wanted to snoop on a particular chat would find their cover quickly blown when the client announced their arrival to everyone in the chat, making it an inefficient way to spy on users. What’s more, disabling the flaw would likely break the “Group Invite Link” feature that many group chats enjoy — implying that the security issue likely stems from this particular feature.

However, Matthew Green of Johns Hopkins University called WhatsApp’s response “dumb,, likening it to leaving a bank’s vault open and relying on a single security camera to deter criminals. If any really sensitive information was stored in that group chat, then the hacker would have access to it, making WhatsApp’s lauded encryption useless.

WhatsApp has been in the news multiple times for reasons of security. After making all messages sent on its platform fully encrypted in 2016, the chat company has faced criticism from U.K. lawmakers, while action taken by Brazil was of a more serious nature.

Editors’ Recommendations

Topics
Mark Jansen
Mark Jansen
Contributor
Mark Jansen is an avid follower of everything that beeps, bloops, or makes pretty lights. He has a degree in Ancient &…
Your Google Photos app may soon get a big overhaul. Here’s what it looks like
The Google Photos app running on a Google Pixel 8 Pro.

Google Photos is set to get a long-overdue overhaul that will bring new and improved sharing and notification features to the app. With its automatic backups, easy sorting and search, and album sharing, Google Photos has always been one of the better photo apps, and now it's set to get a whole slew of AI features.

According to an APK teardown done by Android Authority and the leaker AssembleDebug, Google is now set to double down on improving sharing features. Google Photos will get a new social-focused sharing page in version 6.85.0.637477501 for Android devices.

Read more
iOS 18 may give Siri the upgrade we’ve been waiting for
Hey Siri

Apple isn’t immune from the AI craze sweeping the rest of the industry. Following the likes of Google with Gemini Nano, Apple is set to roll out AI upgrades to the iPhone with iOS 18. Code-named “Project Graymatter,” the iOS 18 update will bring a variety of AI-powered enhancements to the iPhone and Siri in particular.

According to AppleInsider, the features are being tested in advance of Apple's Worldwide Developers Conference (WWDC), and one of the biggest is called “Graymatter Catch Up.” The feature is tied to Siri, Apple’s voice assistant, which will now allow users to request and receive an AI overview of the most recent notifications.

Read more
AT&T just made it a lot easier to upgrade your phone
AT&T Storefront with logo.

Do you want to upgrade your phone more than once a year? What about three times a year? Are you on AT&T? If you answered yes to those questions, then AT&T’s new “Next Up Anytime” early upgrade program is made for you. With this add-on, you’ll be able to upgrade your phone three times a year for just $10 extra every month. It will be available starting July 16.

Currently, AT&T has its “Next Up” add-on, which has been available for the past several years. This program costs $6 extra per month and lets you upgrade by trading in your existing phone after at least half of it is paid off. But the new Next Up Anytime option gives you some more flexibility.

Read more