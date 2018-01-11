A lot of talk went down yesterday about a new way to exploit WhatsApp and bypass the end-to-end encryption the company likes to mention that it has whenever it can. I've seen tweets and comments that run the gamut from "it's FUD" to talking about some backdoor that Facebook had installed.

The good news is that it's neither. In fact, it's not really one of those things you need to be concerned about and instead is one of those things that make you wonder how it ever happened in the first place because it's pretty sloppy. But don't worry — it will be fixed long before anything happens.

What it is

Researchers Paul Rösler, Christian Mainka, and Jörg Schwenk at Ruhr-Universität in Bochum, Germany released a research paper (.pdf link) that found a peculiar flaw in WhatsApp's group chat administration. WhatsApp offers the same end-to-end encryption for group chats that it does for individual chats, and that usually means we should be able to feel safe in knowing that the things we say won't be read by anyone who shouldn't be reading it unless one of the group members lets it happen.

Apparently, it's theoretically possible for a stranger to add themselves to a group chat on WhatsApp. "Theoretically" and "possible" being the key words here. I'll explain.

WhatsApp offers group messaging that uses strong end-to-end encryption.

In a WhatsApp group chat one or more of the original members is an administrator. From the server's point of view, that means that these people are able to add and remove people from the group. Everything is good so far, even though the way it works — an administrator sends a signal to every member of the group with his or her signing keys and in return, each member sends a return message with their signing keys then the originator of the message notifies each member that there is now a new person in the group — is a bit of a kludge in order to create a good user interface. If you're not an administrator, the only thing you know is that you see a message that Jerry is now a member of the group. You can either accept that or leave the chat.

A similar flaw was found with group messaging through Signal.

The problem is that WhatsApp isn't properly authenticating these group management requests on its own servers. A WhatsApp server needs to properly ID the sender of a message that would add a person to a group chat. The person sends a message that IDs both the group and the member it wishes to add and the server checks to make sure the person who sent it is actually a chat administrator. These messages aren't end-to-end encrypted, and instead use standard transport encryption — the message coming from a chat administrator and going to a server that requests a user be added to a chat is not signed by the sender with their encryption key.

This means a WhatsApp server can add any user it wants to any group, at any time. The server can, not another user. That's important, and it means any privacy expected in a WhatsApp group chat depends solely on trusting the WhatsApp chat server. That defeats the entire purpose of end-to-end encryption, which is designed so that privacy is guaranteed even if a server is compromised because only the sender and recipient can decrypt a message.

And then the internet loses its collective mind because that's what the internet is really good at doing.

This won't happen but still needs fixing