A team of crytopgraphers from Germany's Ruhr University Bochum say they have uncovered flaws in WhatsApp's security that could limit the benefits of the messaging service's vaunted end-to-end encryption in group chats.
As described in a newly published paper, "More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema", anyone who controls WhatsApp's servers, including company employees, can covertly add members to any group.
From the paper:
5.4 Impact of the Weaknesses' Combination
The described weaknesses enable attacker A, who controls the WhatsApp server or can break the transport layer security, to take full control over a group. Entering the group however leaves traces since this operation is listed in the graphical user interface. The WhatsApp server can therefore use the fact that it can stealthily reorder and drop messages in the group. Thereby it can cache sent messages to the group, read their content first and decide in which order they are delivered to the members. Additionally the WhatsApp server can forward these messages to the members individually such that a subtly chosen combination of messages can help it to cover the traces.
Only admins can add new members to private groups. But, as the researchers found, anyone in control of the server can spoof the authentication process, essentially granting themselves the privileges necessary to add new members who can snoop on private conversations. The obvious examples that come to mind are hackers who manage to gain access to WhatsApp servers or a government successfully pressuring WhatsApp to give it access to targeted group chats.
Perhaps even more troubling, a compromised admin with control of the server could manipulate the messages that would alert group members that someone new had been added, according to the researchers.
Wired confirmed the researchers' findings with a WhatsApp spokesperson. While the company, which is owned by Facebook, acknowledges the issue of server security, the spokesperson pushed back on the idea that attackers could block, cache or otherwise prevent the alert that new members have been added.
"We've looked at this issue carefully," a WhatsApp spokesperson wrote to Wired. "Existing members are notified when new people are added to a WhatsApp group. We built WhatsApp so group messages cannot be sent to a hidden user. The privacy and security of our users is incredibly important to WhatsApp. It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted."
While the research indicates that it is possible for an infiltrator to add members to a group chat without members noticing by manipulating alerts, it's not guaranteed that doing so could be kept secret from the group's members.
The researchers agree that the level of sophistication needed to compromise WhatsApp servers makes this exact attack scenario unlikely, but that's no excuse for security holes in an otherwise sharp system.
"If I hear there's end-to-end encryption for both groups and two-party communications," researcher Paul Rösler told Wired, "that means adding of new members should be protected against."