WhatsApp Messenger is an application, selected by millions of people all over the world. Like many other messaging-tools, WhatsApp also pays attention to users’ privacy and offers end-to-end encryption for its chats. This feature should create a private connection between partners so that their chats could not be accessed by anyone, not even the controllers of WhatsApp.
However, we have read reports that are opposed to such privacy elevations as it could allow terrorists, thieves and other criminals to communicate about their crimes through the end-to-end encrypted chats. In fact, WhatsApp has not created such a private space for its users yet: researchers from Germany have detected that end-to-end encrypted group chats can be invaded by unreliable WhatsApp employees.
WhatsApp employees could invade a group chat and read it
You would expect end-to-end encryption to provide a completely private environment for communication. In reality, there are many factors that could stand in a way of such privacy. According to specialists from Ruhr-Universität Bochum, WhatsApp group chats could be invaded by devious individuals. This monitoring will be done without the authorization of the group’s administrator. In addition, interlocutors won’t be informed that a new member has been added to their group.
End-to-end encryption appears to be functioning properly when it comes to chats between two users. However, group chats are more complicated because servers become more important during the transmission of information to all members of the group chat.
The main issue is that WhatsApp fails to properly recognize which users adds a new member to the group. A new member, aka spy, could be added by an unreliable WhatsApp employee. Disturbingly, there will be no notification about the new member. The intrusive invader can turn off the alerts for new members.
After such a violation of privacy, the group chat will be observed by an unknown party. He/she will be allowed to read messages, interfere with the sent messages ant etc. The analysts from Germany also offered a solution to this security issue. WhatsApp should make sure that their group chats would feature authentication mechanism. It would guarantee that no third-party would be allowed to add new members, block alerts or initiate other modifications to a group chat.
However, researchers also emphasize that the utilization of this flaw requires sophisticated skills. Therefore, hackers might not waste their time on an invasion that might not even bring any profitable results.