SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
11 Jan 2018

WhatsApp security flaws could allow snoops to slide into group chats

When WhatsApp added end-to-end encryption to every conversation for its billion users two years ago, the mobile messaging giant significantly raised the bar for the privacy of digital communications worldwide.

But one of the tricky elements of encryption—and even trickier in a group chat setting—has always been ensuring that a secure conversation reaches only the intended audience, rather than some impostor or infiltrator.

And according to new research from one team of German cryptographers, flaws in WhatsApp make infiltrating the app's group chats much easier than ought to be possible. At the Real World Crypto security conference Wednesday in Zurich, Switzerland, a group of researchers from the Ruhr University Bochum in Germany plan to describe a series of flaws in encrypted messaging apps including WhatsApp, Signal, and Threema. The team argues their findings undermine each app's security claims for multi-person group conversations to varying degrees.

But while the Signal and Threema flaws they found were relatively harmless, the researchers unearthed far more significant gaps in WhatsApp's security: They say that anyone who controls WhatsApp's servers could effortlessly insert new people into an otherwise private group, even without the permission of the administrator who ostensibly controls access to that conversation.

"The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them," says Paul Rösler, one of the Ruhr University researchers who co-authored a paper on the group messaging vulnerabilities. "If I hear there's end-to-end encryption for both groups and two-party communications, that means adding of new members should be protected against. And if not, the value of encryption is very little."

That any would-be eavesdropper would have to control the WhatsApp server limits the spying method to sophisticated hackers who could compromise those servers, WhatsApp staffers, or governments who legally coerce WhatsApp to give them access. But the premise of so-called end-to-end encryption has always been that even a compromised server shouldn't expose secrets. Only people in a conversation should be able to read WhatsApp's messages, not the servers themselves.

"If you build a system where everything comes down to trusting the server, you might as well dispense with all the complexity and forget about end-to-end encryption," says Matthew Green, a cryptography professor at Johns Hopkins University who reviewed the Ruhr University researchers' work. "It's just a total screwup. There's no excuse."

Group Threat

The German researchers say their WhatsApp attack takes advantage of a simple bug. Only an administrator of a WhatsApp group can invite new members, but WhatsApp doesn't use any authentication mechanism for that invitation that its own servers can't spoof. So the server can simply add a new member to a group with no interaction on the part of the administrator, and the phone of every participant in the group then automatically shares secret keys with that new member, giving him or her full access to any future messages. (Messages sent prior to an illicit invitation, fortunately, still can't be decrypted.)

Everyone in the group would see a message that a new member had joined, seemingly at the invitation of the unwitting administrator. If the administrator is watching closely, he or she could warn the group's intended members about the interloper and the spoofed invitation message.

But the Ruhr University researchers and Johns Hopkins' Green point out several tricks that could be used to delay detection. Once an attacker with control of the WhatsApp server had access to the conversation, he or she could also use the server to selectively block any messages in the group, including those that ask questions, or provide warnings about the new entrant.

"He can cache all the message and then decide which get sent to whom and which not," says Rösler. And in groups with multiple administrators, the hijacked server could spoof different messages to each administrator, making it appear that another one had invited the eavesdropper, so that none raises an alarm. It could even prevent any administrator's attempt to remove the eavesdropper from the group if discovered.

Some Limits

In a phone call, a WhatsApp spokesperson confirmed the researchers' findings, but emphasized that no one can secretly add a new member to a group—a notification does go through that a new, unknown member has joined the group. The staffer added that if an administrator spots a fishy new addition to a group, they can always tell other users via another group, or in one-to-one messages. And the WhatsApp spokesperson also noted that preventing the Ruhr University researchers' attack would likely break a popular WhatsApp feature known as a "group invite link" that allows anyone to join a group simply by clicking on a URL.

"We've looked at this issue carefully," a WhatsApp spokesperson wrote in an email. "Existing members are notified when new people are added to a WhatsApp group. We built WhatsApp so group messages cannot be sent to a hidden user. The privacy and security of our users is incredibly important to WhatsApp. It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted."

To be fair, this technique wouldn't be a very stealthy strategy in the long run for government spying. Sooner or later, users would likely notice that unexpected strangers were showing up in their chats. But that possibility of detection isn't an adequate solution to WhatsApp's underlying problem, argues Johns Hopkins' Green. "That's like leaving the front door of a bank unlocked and then saying no one will rob it because there’s a security camera," Green says. "It's dumb."

The Ruhr University researchers say they alerted WhatsApp to the problem with group messaging security last July. In response to their report, WhatsApp's staff say they fixed one problem with a feature of their encryption that made it harder to crack future messages even after an attacker obtained one decryption key. But they told the researchers the group invitation bug they'd found was merely "theoretical" and didn't even qualify for the so-called bug bounty program run by Facebook, WhatsApp's corporate owner, in which security researchers are paid for reporting hackable flaws in the company's software.

For some of WhatsApp's users, the stakes of the app's security could be high. WhatsApp's convenient group messaging system, in combination with its encryption promises, has made it a popular tool for "whisper networks" of grassroots organizing around sensitive or dangerous topics. Victims of sexual abuse and harassment have used it to organize the campaign against abusers, for instance. So have political insiders and Syria's embattled White Helmets, volunteer rescue brigades in Syria who are often targeted by the ruling regime.

But the shoddy security around WhatsApp's group chats should make its most sensitive users wary of interlopers, Rösler argues. If WhatsApp were to comply with a government request—in the US or abroad—agents could join any private group and listen along.

Smaller Problems

The researchers dug up less serious flaws in the more specialized secure messaging apps Signal and Threema, too. They warn that Signal allows the same group chat attack as WhatsApp, letting uninvited eavesdroppers join groups. But in Signal's case, that eavesdropper would have to not only control the Signal server, but also know a virtually unguessable number called the Group ID. That essentially blocks the attack, unless the Group ID can be obtained from one of the group members' phones—in which case the group is likely already compromised. The researchers say that Open Whisper Systems, the non-profit that runs and maintains Signal, nonetheless responded to their work, saying that it's currently redesigning how Signal handles group messaging. Open Whisper Systems declined to comment on the record about the Ruhr researchers' findings.

For Threema, the researchers found even smaller bugs: An attacker who controls the server can replay messages or add users back into a group who have been removed. The researchers say Threema responded to their findings with a fix in an earlier version of its software.

As for WhatsApp, the researchers write that the company could fix its more egregious group chat flaw by adding an authentication mechanism for new group invitations. Using a secret key only the administrator possesses to sign those invitations could let the admin prove his or her identity and prevent the spoofed invites, locking out uninvited guests. WhatsApp has yet to take their advice.

Otherwise, WhatsApp users would be wise to keep a vigilant eye out for any new entrants sliding into their private conversations. Until an administrator actively vouches for that newcomer, there's a small chance he or she might just be something other than a new friend.
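
The fix the researchers propose, administrator-signed invitations that each member's device verifies before sharing keys, shown as an added Go example; it is not WhatsApp's protocol or the researchers' code. The `Invite` format, the per-group sequence number that rejects replayed invitations, and all names are assumptions made for illustration.

```go
package main

import "crypto/ed25519"
import "fmt"

// Invite is a constructed message format for this example, not WhatsApp's wire format.
type Invite struct {
	GroupID, NewMember string
	Seq                uint64 // strictly increasing per group, so old invites cannot be replayed
	Sig                []byte // administrator's Ed25519 signature over the fields above
}

// encode builds the byte string that is signed; %q quoting keeps field boundaries unambiguous.
func (in Invite) encode() []byte { return []byte(fmt.Sprintf("invite|%d|%q|%q", in.Seq, in.GroupID, in.NewMember)) }
// SignInvite runs on the administrator's device, the only holder of adminKey.
func SignInvite(adminKey ed25519.PrivateKey, in Invite) Invite {
	in.Sig = ed25519.Sign(adminKey, in.encode())
	return in
}

// Group is the state each member's client keeps; AdminPub is pinned at creation, not served.
type Group struct {
	ID       string
	AdminPub ed25519.PublicKey
	LastSeq  uint64
	Members  map[string]bool
}
// NewGroup creates a group and returns the administrator's private signing key.
func NewGroup(id string) (*Group, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return &Group{ID: id, AdminPub: pub, Members: map[string]bool{}}, priv
}

// Accept admits NewMember (and would release group keys) only for a fresh, admin-signed invite.
func (g *Group) Accept(in Invite) error {
	if in.GroupID != g.ID || !ed25519.Verify(g.AdminPub, in.encode(), in.Sig) {
		return fmt.Errorf("invite for %q not signed by the group administrator", in.NewMember)
	}
	if in.Seq <= g.LastSeq {
		return fmt.Errorf("stale or replayed invite (seq %d)", in.Seq)
	}
	g.LastSeq, g.Members[in.NewMember] = in.Seq, true
	return nil
}

func main() {
	g, adminKey := NewGroup("g1")
	fmt.Println(g.Accept(SignInvite(adminKey, Invite{GroupID: "g1", NewMember: "bob", Seq: 1})))
	fmt.Println(g.Accept(Invite{GroupID: "g1", NewMember: "mallory", Seq: 2})) // forged by server
}
```

Because the server never holds the administrator's private key, it can relay or withhold an invitation but cannot produce one that `Accept` admits.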



Tags:
WhatsApp information leaks
Source:
Wired