New WhatsApp group chat flaw discovered
A research paper published by German computer scientists has uncovered a major flaw in WhatsApp group chat security. While WhatsApp has acknowledged the issue, they claim it isn’t as dire as the researchers have stated.
The paper was presented at a Swiss cybersecurity conference and describes how a stranger could add themselves to a group chat session and receive future messages in the chat room. Those of you that are frequent group chat WhatsApp users will immediately recognize the weakness in this argument, because new additions to chats are announced to the group, like other group messaging systems.
That’s great, but how often does anyone question these announcements? You, as a group member, would probably think that the new person was legitimately added by the group administrator, and this is why the researchers claim that this notification would likely go unnoticed. In any event, it is a bug because the new interloper isn’t properly authenticated and could arrange the sequence of messages that the other group members would see. The researchers want WhatsApp to cryptographically sign the messages with the group administrator’s key. While the conversations are encrypted, the group management messages aren’t encrypted, or currently digitally signed. That is an important distinction.
"We've looked at this issue carefully. Existing members are notified when new people are added to a WhatsApp group. We built WhatsApp so group messages cannot be sent to a hidden user," a WhatsApp spokesperson told Wired.
Crypto experts also were skeptical about the discovery, saying the attack would be difficult to pull off. And Graham Cluley, writing on Tripwire’s blog says, “most WhatsApp users would expect a group chat’s membership to be controlled by the group’s administrator – and not something that could be manipulated by an unauthorized party.” He asks that WhatsApp fix the flaw. If you are looking to read one single analysis of this research, go to Matthew Green's post here.
The research paper examined other messaging apps besides WhatsApp, including Signal and Threema. Signal makes all group chat members administrators and can add members to the chats. But Signal has random 128-bit numbers for its group chat sessions, making adding yourself to a group much more difficult. Threema only allows group creators admin access, but if an attacker gained control over a server, they could replay messages, as this post in HelpNetSecurity warns. Threema fixed their code with version 3.14 prior to the release of the paper.
The bottom line here: end-to-end encryption of messaging traffic shouldn't depend on uncompromised messaging servers, and there is more to encrypting the traffic itself. While one-on-one encrypted messages are well understood and implemented today, group chats are not as secure. In the future, until these issues are fixed, be aware of using group chats with any tool.