A flaw in popular encrypted chat programs WhatsApp, Threema and Signal theoretically allows almost anyone to control important servers, bypass encryption and add themselves to group chats.
New research from a team of German cryptographers, presented Wednesday at the Real World Crypto conference in Zurich, Switzerland, zeroed in on group messaging to show that security for a one-on-one conversation is far ahead of group chats.
The vulnerabilities found in Threema and Signal are relatively harmless compared to the problems researchers found with WhatsApp, because of the relative ease with which new people can be inserted into private groups without any permission.
“The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them,” Paul Rösler, one of the Ruhr University researchers behind the new finds, told Wired. “If I hear there’s end-to-end encryption for both groups and two-party communications, that means adding of new members should be protected against. And if not, the value of encryption is very little.”
An attacker would have to take control of WhatsApp servers, which means a sophisticated hacker, a WhatsApp staffer or a government with legal authority could gain access, even though end-to-end encryption is supposed to protect users from even these sorts of attacks.
The problem sits in WhatsApp’s authentication mechanism for adding people to group chats. WhatsApp’s servers can spoof the invite.
All members of the chat would be notified of the new addition, just as they normally are.
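The client-side check Rösler's quote calls for can be sketched as follows; this is an added example, not code from WhatsApp, Signal, Threema or the researchers. It assumes a simplified, hypothetical model in which each member already shares an end-to-end pairwise key with the group admin, and all names (`GroupState`, `apply_add`, `tag`) and sample values are constructed for illustration.

```python
import hashlib
import hmac
import json

def tag(pairwise_key: bytes, change: dict) -> bytes:
    """MAC a membership change under a key the server never sees."""
    msg = json.dumps(change, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(pairwise_key, msg, hashlib.sha256).digest()

class GroupState:
    """One member's local view of a group (hypothetical model)."""

    def __init__(self, group_id, admins, members, pairwise_keys):
        self.group_id = group_id
        self.admins = set(admins)
        self.members = set(members)
        self.keys = pairwise_keys   # peer name -> key shared end-to-end with that peer
        self.last_seq = {}          # peer name -> highest change number accepted

    def apply_add(self, change: dict, mac: bytes) -> bool:
        """Add change['member'] only if an existing admin authenticated it."""
        author, seq = change.get("author"), change.get("seq")
        key = self.keys.get(author)
        if change.get("group_id") != self.group_id or author not in self.admins:
            return False            # wrong group, or author is not an admin
        if key is None or not hmac.compare_digest(tag(key, change), mac):
            return False            # server-asserted or tampered change
        if not isinstance(seq, int) or seq <= self.last_seq.get(author, -1):
            return False            # replay of an old, genuine change
        self.last_seq[author] = seq
        self.members.add(change["member"])
        return True

def demo():
    key = b"constructed-pairwise-key-alice-bob"   # constructed sample key
    bob = GroupState("g1", {"alice"}, {"alice", "bob"}, {"alice": key})
    forged = {"group_id": "g1", "author": "alice", "member": "mallory", "seq": 1}
    genuine = {"group_id": "g1", "author": "alice", "member": "carol", "seq": 1}
    results = [
        bob.apply_add(forged, bytes(32)),            # server cannot compute the MAC
        bob.apply_add(genuine, tag(key, genuine)),   # admin's own change
        bob.apply_add(genuine, tag(key, genuine)),   # same change replayed
    ]
    return results, sorted(bob.members)

if __name__ == "__main__":
    print(demo())
```

Because the membership change is authenticated with a key held only by group members, a server that relays messages can drop a change but cannot create one.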
It’s not a problem that will impact most users, but chat apps like Signal and WhatsApp have been used for private conversations by everyone from politicians to government dissenters. For users whose threat model realistically includes government surveillance, this is a flaw worth being aware of, but not worth much panic.
“The caveat is that these attacks are extremely difficult to pull off in practice, so nobody needs to panic,” cryptographer Matthew Green explained.
Signal is also somewhat exposed to the flaw, but hackers would also have to know the group’s unique ID, a random 128-bit number that is therefore unguessable. One example attack posited that former members of groups could record the group ID and use that for future attacks.
Green called the attack against Signal “very difficult to execute.”
WhatsApp representatives told Wired there would be no fixes as a result of the research and that notifications of new chat additions are warning enough. Signal representatives have not yet responded to a request for comment.