Hackers and spies could secretly eavesdrop on your private WhatsApp conversations, security researchers have claimed.
Two years ago, the chat app added ‘end-to-end encryption’ which is meant to make sure messages are scrambled so they can only be read by people who are meant to receive them.
But experts from Ruhr University Bochum in Germany said snoopers with access to WhatsApp’s servers could potentially invite new members into other peoples’ chats, allowing them to listen to their conversation.
‘The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them,’ Paul Rösler, a Ruhr University researchers, told Wired.
Anyone wanting to slide into other people’s DMs would need access to WhatsApp’s servers, which means it would have to be an extremely skilled hacker, an employee or a member of the intelligence services.
They would also have to hide their presence once they have joined the chat – which is difficult, but might not be impossible.
WhatsApp said it had ‘carefully looked’ at the flaw and reassured users that their encrypted messages were safe.
‘Existing members are notified when new people are added to a WhatsApp group,’ it said.
‘We built WhatsApp so group messages cannot be sent to a hidden user. The privacy and security of our users is incredibly important to WhatsApp. It’s why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted.’