Researchers Paul Rösler, Christian Mainka, and Jörg Schwenk at Ruhr-Universität in Bochum, Germany, released a research paper that found a peculiar flaw in WhatsApp’s group chat administration. WhatsApp offers the same end-to-end encryption for group chats that it does for individual chats, and that usually means we should be able to feel safe in knowing that the things we say won’t be read by anyone who shouldn’t be reading them, unless one of the group members lets it happen.
In a WhatsApp group chat, one or more of the original members is an administrator. From the server’s point of view, that means that these people are able to add and remove people from the group.
The problem is that WhatsApp isn’t properly authenticating these group management requests on its own servers.