WhatsApp: vulnerability threatens groups and messages
After WhatsApp downtime on New Years Eve there is now the next dilemma with the popular messenger. A WhatsApp security hole is supposed to make WhatsApp groups and messages in this vulnerable. The gap is said to have existed for a long time.
As the Ruhr University in Bochum has now found out, a new loophole in WhatsApp is supposed to give strangers access to groups. These should be able to join random groups via WhatsApp's group links. The danger here: Bots could exploit this security hole for spam. However, this loophole is supposed to be very difficult to exploit. The researchers write that access to a messenger server is necessary for an attack.
Messages from groups can also be manipulated
In addition to adding foreign numbers to group chats, this gap in the server should also be able to block messages in the group. Thus, one could suppress certain messages from a group member and thus make them invisible to others. As the researchers mention in their work, this security breach in WhatsApp has been around since summer 2017. At that time, this was also transmitted to Messenger, according to the study. This gap could also be exploited in the messengers Threema and Signal. Both services quickly closed the hole, except for WhatsApp: nothing has changed there since summer 2017. That is why the gap has now been published publicly.
However, the loophole does not seem to be critical, as it is really very difficult to exploit. However, the Facebook subsidiary should be a role model and deliver a corresponding patch. After all, the developers of WhatsApp publish daily updates in the beta version of the app. Only in the end does the messenger have one Message delete function introduced, new features should already be planned. For example, the WaBetaInfo page speaks of Group calls in Messenger and Keyboard stickers.