Academic researchers have reported vulnerabilities in the group communication protocols of three encrypted messaging apps – WhatsApp, Signal, and Threema – that could allow attackers to willfully subvert their integrity and confidentiality.
While the apps' end-to-end protections hold up during one-on-one message exchanges, holes begins to open up when three or more users communicate as a group, according to Paul Rosler, Christian Mainka, and Jorg Schwenk, German researchers at Ruhr-University Bochum's Horst Gortz Institute for IT Security. A paper published last week details these security lapses, many of which require certain preconditions to be fully exploited. Nevertheless, the researchers managed to develop several successful proof-of-concept exploits.
Of the three apps profiles in the study, only Threema was able to update its app by the paper's Jan. 6 publication date, the researchers note.
According to the paper, weaknesses found in Signal can allow malicious users to sneak into a private group, enabling them to read confidential messages, contribute content, and gain admin privileges. To accomplish this, the uninvited party needs the phone number of one group member and the group ID number, which can be attained if a session state compromise is performed or if the intruder was a former member of the group.
Attackers can also reportedly drop certain group messages, and then forge acknowledgements to make the message sender believe his or her communication was successfully received, even if it really wasn't. (SC Media was unable to find a contact at Signal developer Open Whisper Systems for comment.)
Similar to the Signal scenario, malicious actors can reportedly worm their way into a WhatsApp group –provided that they are able to modify group information at the client side – and they can also drop messages and send forged notifications to the sender. Additionally, the researchers note that because Diffie-Hellman key ratcheting, a component of the Double Ratchet encryption algorithm for instant messaging, “is not integrated into the encryption of group messages, ‘Future Secrecy' cannot be reached in WhatsApp.”
The researchers warn that the WhatsApp flaws, in totality, can allow can attacker "who controls the WhatsApp server or can break the transport layer security, to take full control over a group."
A WhatsApp spokesperson responded to the research, telling SC Media via email: “We've looked at this issue carefully. Existing members are notified when new people are added to a WhatsApp group. We built WhatsApp so group messages cannot be sent to a hidden user. The privacy and security of our users is incredibly important to WhatsApp. It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted.”
Meanwhile, Threema was found to be prone to a replay attack, whereby adversaries can resend an old message to group member. The researchers say this is possible as long as the actors have access to the channel somewhere between the sender and receiver, although a Threema spokesperson disputed this, telling SC Media that it was "not sufficient to have access to the channel somewhere between," and that an attacker "needed access to Threema's server to replay messages, due to the encryption on the network layer and the certificate pinning."
The researchers also discovered that malicious servers could arbitrarily reorder a group's messages, and that users who were no longer part of an active group could still view that group's management information simply by sending its members a message.
Julia Weiss, a spokesperson at Threema, told SC Media via email that the replay attack vulnerability and the flaw that allowed excluded users to keep tabs on a private group were both fixed "within a few days after disclosure, and new versions of the app were made available in May 2017."
Despite only focusing on Signal, WhatsApp, and Threema, the researchers note in their paper that “our methodology and the underlying model is of generic purpose and can be applied to other secure group instant messaging protocols as well.” The researchers also listed a number of countermeasure recommendations for all three analyzed messaging applications.
