We have to say that since Facebook acquired WhatsApp the security improvements have been many.
Not like before. Before, this messaging app was on everyone's lips for being an unsafe application and taking little care of the user's privacy.
Some of the improvements introduced have been two-step verification or chat encryption.
But, as we can see, that does not mean that the application is completely safe, as has been recently demonstrated.
What is the vulnerability in the encryption of WhatsApp chats?
The messaging application offers end-to-end encryption. This security measure prevents third parties from decrypting said codes.
end-to-end encryption
The vulnerability in the encryption of chats affects both personal and group chats.
Initially, only the administrator of a group can invite other people to a conversation. But, it seems that WhatsApp does not use any authentication system in this invitation.
A group of students from the Ruhr University of Bochum have taken advantage of this security breach. And it ensures that it is possible to enter a WhatsApp chat without being discovered. Neither by the users nor by the administrator, in case of being a group.
In this way, someone could see all our conversations and files we send, without realizing it.
Furthermore, anyone with control over the WhatsApp servers could introduce new people to our chat, without permission.
Something that theoretically should be invulnerable may be accessible.
This security flaw also appears in other applications like Signal and Threema, but more harmless.
How does this vulnerability affect encryption?
In order to be able to see other people's conversations, or introduce external people into chats, you must have control over the servers of WhatsApp.
Therefore, for any person it would not be possible, or at least it would not be easy.
The problem is that knowing about this security flaw, a hacker, employees of this application or government companies could take advantage of it.
In any case, from WhatsApp they want us to calm down and assure us that the problem is not that serious and that it is almost impossible for it to happen.
We are sure that the Facebook security team should already be aware of this situation. We hope to receive a security update soon that will prevent this bug.
What do you think about this vulnerability? Are you considering switching from messagingapplication?
