The WhatsApp server has a vulnerability. You can add irrelevant persons to a private group.

Source: Internet
Author: User

The WhatsApp server has a vulnerability. You can add irrelevant persons to a private group.


Since 2016, WhatsApp has provided end-to-end encryption for its communication services, encrypting text, photos, and video content between users, demonstrating their enthusiasm for user personal protection. However, according to Wired, The WhatsApp server has a serious vulnerability, and irrelevant personnel can be added to the private group from the server side.

The findings were published at a Real World Crypto conference in Zurich, by a researcher at the University of bohonrul, Germany. They also found other vulnerabilities in other communication software Signal and Threema, but their severity is far less than what is hidden in WhatsApp.

The vulnerability content allows the server administrator to add people to a secret group from the server. Paul rösler, one of the report authors, explains to Wired that the confidentiality of the secret group does not exist, this is because it does not mean that new members can view all subsequent conversation content and enable end-to-end encryption protection. In this case, it will become meaningless. Normally, only the group administrator can add members to the private group of WhatsApp, but there is no mechanism to verify the invitation.

Unfortunately, this vulnerability is only available to WhatsApp employees who have administrator permissions. As long as WhatsApp does not mean this, group conversations are not so easy to be seen. In addition, Wired also received a response from WhatsApp, which means that when a new member joins a group, all existing members will receive a message, so they cannot secretly add new members to the group, and never let anyone know. But how does one feel a little uneasy about this vulnerability on the server...

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.