Two years ago, WhatsApp added end-to-end encryption to every conversation for its billion users. This includes one-to-one services and group chats (with up to ten users) – for messages, phone calls, photos and videos that move between them. It works on every device that runs the app, from Apple to Androids to old-school Nokia flip phones. Not even WhatsApp employees can read the data that’s sent over its network. This means it couldn’t comply with a court order demanding access to the contents of the data that travels through its service, and effectively stonewalls the federal government and any attempt to spy on its users’ data.
According to new research, however, from a team of German cryptographers, there are flaws in WhatsApp, which make spying on group chats much easier than it should be.
The researchers hail from the Ruhr University Bochum in Eastern Germany and plan to report a series of flaws in several encrypted messaging apps, Signal and Threema, alongside WhatsApp, at the Real World Crypto security conference, taking place in Zurich, Switzerland next week. The team said that their findings undermine the security claims of these apps for their multi-person group conversations, to varying degrees.
While the Signal and Threema flaws were found to be relatively insignificant, the team found that there were significantly more serious gaps in the security of WhatsApp’s encryption service. The Ruhr researchers claim that anyone who controls the servers that power WhatsApp can effortlessly add new people into what is otherwise a private group, including without the permission of the administrator who started that group.
Paul Rösler, one of the co-authors of the paper on the vulnerabilities they found in the app’s group messaging, said, “The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them.” Rösler added, “If I hear there’s end-to-end encryption for both groups and two-party communications, that means adding of new members should be protected against. And if not, the value of encryption is very little.”
Even though the hacker would need to either coerce a WhatsApp staffer or compromise its servers to insert a silent eavesdropper into a group chat, this belies the entire premise and purpose of encryption. An encrypted server should never expose secrets, even if it is compromised. The only people who should have access to the data passed through WhatsApp are the people in that private conversation, not the servers.
“If you build a system where everything comes down to trusting the server, you might as well dispense with all the complexity and forget about end-to-end encryption,” says Matthew Green, a cryptography professor at Johns Hopkins University who has reviewed the Ruhr University researchers’ work. “It’s just a total screwup. There’s no excuse.”
The researchers say that WhatsApp could fix its group chat flaw by adding an authentication mechanism used whenever there is a new invitation within a group. If the administrator has a secret key that only they use, they could prevent the spoofed invites, locking out uninvited guests. It’s unclear so far, what WhatsApp next move will be in response. Until then, it’s probably safest to stick to one-to-one conversation, or switch to a more secure group messaging app.