An attacker would have to take control of WhatsApp servers which means a sophisticated hacker, a WhatsApp staffer or a government with legal authority could gain access, even though end-to-end encryption is supposed to protect users from even these sorts of attacks.
It's not a problem that will impact most users, but chat apps like Signal and WhatsApp have been used for private conversations from everyone ranging from politicians to government dissenters.
The researchers from Ruhr University Bochum in Germany announced this big news at the "Real World Crypto Security Conference" which was held in Zurich, Switzerland, on January 10. But there is no a secret way into WhatsApp groups chats.
Once the new person is added to the group, the phone of each member of the group chat automatically shares secret keys with that person, giving them full access to all future encrypted messages sent in the chat.
He said that there are multiple ways to verify group chat members, adding that users are notified of anyone new joining, including those without permission.
Armed robbers raid Ritz hotel in Paris stealing jewellery worth 'millions'
The officer would not confirm reports that jewels were stolen from a hotel shop or that the robbers had hatchets. A judicial source put the value of the jewels seized at "more than four million euros" ($4.75 million).
"We've looked at this issue carefully", a WhatsApp spokesman said in a statement.
While the exploits in Threema and Signal seemed to be relatively harmless, WhatsApp had far more significant gaps in security.
Despite WhatsApp's secure end-to-end encryption for messages, German researchers have found a loophole that could allow hackers to worm their way into WhatsApp's group chats.
The report says a WhatsApp spokesperson confirmed the findings but added that no one can "secretly" add members to a group. Whatsapp was a different story, which you can read in the paper they published on the topic.
In May 2016, Facebook-owned-WhatsApp had introduced the end-to-end encryption for its users across the globe.
Red Cross seeks blood donations in tough winter
Serving local hospitals is the first priority, but the Red Cross can move blood products to where they're needed most . Right now, the Red Cross says, there is a critical need for Type O negative and B negative blood donations.
"The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them".
The flaw - detailed in a paper - shows how it is possible to add a participant into a conversation without the permission of the person in control of the group. While the company, which is owned by Facebook, acknowledges the issue of server security, the spokesperson pushed back on the idea that attackers could block, cache or otherwise prevent the alert that new members have been added. But, as the researchers found, anyone in control of the server can spoof the authentication process, essentially granting themselves the privileges necessary to add new members who can snoop on private conversations.
Facebook's Chief Security Officer Alex Stamos in a Twitter thread said that it was impossible for anyone to infiltrate WhatsApp's private groups. End-to-end security protection doesn't mean almost as much when someone at the company can simply drop a new person into a private chat anytime they want.
In January previous year, the Guardian newspaper reported that WhatsApp was vulnerable to interception, sparking concern over the app that marketed itself as a privacy leader.
Missing Penn student's family using drones to look for him in California
Bernstein's friend eventually began sending text messages to him when he didn't return, but did not hear back from him, she said. Reports of Bernstein's death comes after days of expansive search and rescue missions in the area where he was last spotted.