The WhatsApp server has a vulnerability. You can add irrelevant persons to a private group.

The WhatsApp server has a vulnerability. You can add irrelevant persons to a private group.

REUTERS

Since 2016, WhatsApp has provided end-to-end encryption for its communication services, encrypting text, photos, and video content between users, demonstrating their enthusiasm for user personal protection. However, according to Wired, The WhatsApp server has a serious vulnerability, and irrelevant personnel can be added to the private group from the server side.

The findings were published at a Real World Crypto conference in Zurich, by a researcher at the University of bohonrul, Germany. They also found other vulnerabilities in other communication software Signal and Threema, but their severity is far less than what is hidden in WhatsApp.

The vulnerability content allows the server administrator to add people to a secret group from the server. Paul rösler, one of the report authors, explains to Wired that the confidentiality of the secret group does not exist, this is because it does not mean that new members can view all subsequent conversation content and enable end-to-end encryption protection. In this case, it will become meaningless. Normally, only the group administrator can add members to the private group of WhatsApp, but there is no mechanism to verify the invitation.

Unfortunately, this vulnerability is only available to WhatsApp employees who have administrator permissions. As long as WhatsApp does not mean this, group conversations are not so easy to be seen. In addition, Wired also received a response from WhatsApp, which means that when a new member joins a group, all existing members will receive a message, so they cannot secretly add new members to the group, and never let anyone know. But how does one feel a little uneasy about this vulnerability on the server...