WhatsApp users have been put on alert about a security flaw
WhatsApp users have been warned that cyber criminals could spy on chat messages they send in the hugely popular app.
WhatsApp is used by more than 1.3billion people around the world each month, and is one of the most popular smartphone apps around.
On New Year’s Eve WhatsApp broke its record for the most amount of messages sent in one day, with 75billion messages sent on NYE 2017.
The staggering stats underline the huge amount of people that use WhatsApp each and every day.
And now fans of the Facebook-owned service have been put on alert after security researchers discovered a WhatsApp security flaw.
Researchers from Germany’s Ruhr University Bochum unearthed the risk, claiming it can let hackers spy on group chats in WhatsApp.
The experts said anyone that control WhatsApp servers could insert new people into an otherwise private group chat.
They could do this without the permission of administrators who controls access to that conversation.
Speaking to Wired, Paul Rösler – one of the Ruhr University researchers – said: “The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them.
“If I hear there’s end-to-end encryption for both groups and two-party communications, that means adding of new members should be protected against.
“And if not, the value of encryption is very little.”
Since people can only be added to WhatsApp groups without permission once servers are accessed, that limits the amount of parties who can eavesdrop.
Once someone has infiltrated a conversation, everyone in the chat automatically shares a secret key with that user.
That means they have access to all future messages, but cannot view past ones.
A WhatsApp spokesperson confirmed the researchers’ finding to Wired, but said no one can secretly add a new member to a group conversation.
This is because a notification goes through when a new, unknown member has joined the group.
WhatsApp users have been warned about a group chat security flaw
And Facebook’s Chief Security Officer Alex Stamos also addressed the researchers’ claims on Twitter.
He reiterated that users are notified of anyone joining a chat – even those without permission.
In a series of tweets, he wrote: “On WhatsApp, existing members of a group are notified when new people are added.
“WhatsApp is built so group messages cannot be send to hidden users and provides multiple ways for users to confirm who receives a message prior to it being sent.”
Stamos added: “In sum, the clear notifications and multiple ways of checking who is in your group prevents silent eavesdropping.
“The content of messages sent in WhatsApp groups remain protected by end-to-end encryption.”
The news comes after WhatsApp at the turn of the new year dropped support for a number of ageing mobile phone platforms.
On December 31 2017 WhatsApp said they would stop support for BlackBerry OS as well as Windows Phone 8.0 and older models.
WhatsApp had originally told users that support for these ageing mobile platforms would be dropped by the end of 2016.
But as the end of 2016 drew close, WhatsApp updated the information listed on its website, informing users that the deadline had been pushed back to June 30, 2017.
A further update extended the deadline again until December 31 2017.
WhatsApp support for BlackBerry 10 was also meant to end on the last day of 2017.
However, users of the mobile OS were given an extra grace period of around two weeks before the WhatsApp went into “expired” mode on it.