Thursday, Oct 18, 2018 | Last Update : 12:07 PM IST
Cryptographers reported flaws that make it possible to gain access to WhatsApp's private group chats without admins permission.
WhatsApp Messenger, which has made our lives easier and connected people like never before seems to be making headlines yet again. The Facebook-owned messaging platform has time and again claimed that its end-to-end encryption is impeccable and the users are at no data breach risk. But according to a report by wired.com, cryptographers from Germany addressed the issue at 'Real World Crypto Security Conference' on January 10 and said that anyone who controls the app's servers could insert new people into private group chats without needing admin permission.
Paul Rosler, one of the researchers reportedly said,"The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them."
Facebook Chief Security Officer Alex Stamos replied to the claims by the researchers and tweeted: "There is no secret way into WhatsApp groups chats."
In a statement to IANS on Thursday, a WhatsApp spokesperson said: "We've looked at this issue carefully. Existing members are notified when new people are added to a WhatsApp group. We built WhatsApp so group messages cannot be sent to a hidden user. The privacy and security of our users are incredibly important to WhatsApp. It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted."
Facebook-owned WhatsApp added end-to-end encryption to every conversation two years ago. WhatsApp is also testing a feature where it will likely give group administrators more powers where they will be able to restrict all other members from sending text messages, photographs, videos, GIFs, documents or voice messages in case the admin thinks so. Once restricted, other members will simply have to read their messages and will not be able to respond. They will have to use the 'Message Admin' button to post a message or share media to the group.