The flaw allows anyone who controls WhatsApp’s servers to effortlessly insert new people into an otherwise private group, even without the permission of the administrator who ostensibly controls access to that conversation. Jing Xie, Senior Digital Security Researcher at Venafi commented below.
Jing Xie, Senior Digital Security Researcher at Venafi:
This particular flaw does not appear to originate from government intervention and WhatsApp’s transparency on the matter is commendable. However, this potential gap in security should serve as a reminder for businesses and users to keep a close eye on their encryption services and their cryptographic keys.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.