WhatsApp Vulnerability
A new vulnerability in WhatsApp has been discovered:
…the researchers unearthed far more significant gaps in WhatsApp’s security: They say that anyone who controls WhatsApp’s servers could effortlessly insert new people into an otherwise private group, even without the permission of the administrator who ostensibly controls access to that conversation.
Matthew Green has a good description:
If all you want is the TL;DR, here’s the headline finding: due to flaws in both Signal and WhatsApp (which I single out because I use them), it’s theoretically possible for strangers to add themselves to an encrypted group chat. However, the caveat is that these attacks are extremely difficult to pull off in practice, so nobody needs to panic. But both issues are very avoidable, and tend to undermine the logic of having an end-to-end encryption protocol in the first place.
Here’s the research paper.
EDITED TO ADD (2/12): Commentary from Moxie Marlinspike, the developer of the protocol.
Zoë R. • January 25, 2018 7:10 AM
Isn’t this old news? I have no idea why the cited paper is dated January 8, 2018, but I’m sure I have read about this somewhere last summer. This is the analysis where Threema came out on top, right?