The flaw allows anyone who controls WhatsApp’s servers to effortlessly insert new people into an otherwise private group, even without the permission of the administrator who ostensibly controls access to that conversation. Jing Xie, Senior Digital Security Researcher at Venafi commented below.
Jing Xie, Senior Digital Security Researcher at Venafi:
“Governments have targeted WhatsApp encryption in the past, demanding backdoors into their service and data. We exist at a time when governments worldwide are attempting to break down and intrude on the use of encryption, which disregards basic protections to human, and machine, privacy – what has become a basic right worldwide. As a result, any potential flaw that impacts WhatsApp’s privacy is cause for concern.
This particular flaw does not appear to originate from government intervention and WhatsApp’s transparency on the matter is commendable. However, this potential gap in security should serve as a reminder for businesses and users to keep a close eye on their encryption services and their cryptographic keys.”