WhatsApp provides no cryptographic management for group messages
1 min read
Summary
A team of researchers has discovered a significant gap in WhatsApp’s security, which enables the potential infiltration of users into group chats, even when they are end-to-end encrypted.
The loophole lies in the fact that WhatsApp does not offer cryptographic group management assistance, which means that new members can be added to a group without the knowledge or approval of the existing members.
Although the risk to individuals is likely to be low, when it comes to groups of officials discussing national security, the potential for infiltration by a nation-state operative is a realistic concern.
The finding reinforces the importance of checking new members in group chats and staying alert to those who may have suspiciously joined a conversation.
It also underscores the benefits of using dissimulation as a security measure to help identify potential threats.
