
A new academic study has reverse-engineered WhatsApp's multi-device group messaging system, formally analyzing its security architecture and uncovering both strong protections and longstanding vulnerabilities.
The study, conducted by researchers at King's College London and the University of London, offers the first comprehensive formal description of how WhatsApp handles encrypted group messaging across multiple devices, an area previously obscured by limited public documentation and inaccessible source code.
To construct their analysis, the researchers reverse-engineered the WhatsApp web client and correlated findings with the official WhatsApp security whitepaper and partially decompiled Android application code. Their goal: to clarify what security guarantees users can actually expect from the platform's multi-device functionality. The analysis is framed within the Device-Oriented Group Messaging (DOGM) model, which the researchers extended to support device revocation — an essential security feature for recovering from device compromises.
WhatsApp, a Meta-owned messaging service with over two billion users, utilizes the Signal protocol for two-party encryption and extends it to group chats through the Sender Keys multiparty extension. While prior efforts, such as RECSI 2020's model, evaluated aspects of this protocol, they stopped short of accounting for WhatsApp's real-world implementation, particularly its handling of device management, session control, and security state recovery after compromise.
The new research makes five key contributions:
- Formal Protocol Description: It offers a formal model of WhatsApp's group messaging, incorporating multi-device management, session states, and history synchronization.
- Implementation-Based Insights: The team derived pseudocode from the minified JavaScript code of WhatsApp Web, bridging the gap between whitepaper theory and software reality.
- Extended DOGM Model: They introduced enhancements to DOGM that support device revocation, capturing how a user's actions to unlink a compromised device affect the post-compromise security (PCS) of future communications.
- Channel Multiplicity Analysis: Contrary to assumptions made in Signal documentation and prior academic models, WhatsApp supports multiple active Signal channels between two devices. This finding exposes new attack vectors that can weaken PCS, especially if adversaries can initialize new sessions.
- Recovery Guarantees: Despite these risks, WhatsApp's architecture, particularly its handling of device revocation and multi-device verification, allows for security recovery after compromise, assuming users act to revoke affected devices.
One long-known but unresolved issue stands out in the paper. WhatsApp does not cryptographically authenticate group membership. While users can see who is in a group, the server ultimately controls that information, and malicious actors could exploit this to silently inject participants. The researchers treat this as a critical, yet previously acknowledged, vulnerability that undermines the system's overall cryptographic assurances.
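An added illustration of what authenticated group membership would give clients (this is not WhatsApp's code or the researchers' model): the sender treats the server-supplied member list as untrusted input, releases its sender key only to entries that match a locally pinned roster, and derives a roster fingerprint that members could compare out of band. The function names, the domain-separation label, and all sample identifiers and keys are assumptions made for this example.

```python
import hashlib

def _lp(field: bytes) -> bytes:
    """Length-prefix a field so concatenated fields cannot be re-split ambiguously."""
    return len(field).to_bytes(4, "big") + field

def roster_fingerprint(group_id: str, roster: dict[str, bytes]) -> str:
    """Digest over the group id and every (member, identity key) pair in sorted order.
    Members holding the same view derive the same value and can compare it out of band."""
    h = hashlib.sha256(b"roster-fingerprint-v1")  # constructed domain-separation label
    h.update(_lp(group_id.encode()))
    for member in sorted(roster):
        h.update(_lp(member.encode()))
        h.update(_lp(roster[member]))
    return h.hexdigest()

def plan_key_distribution(pinned: dict[str, bytes], from_server: dict[str, bytes]):
    """Split the server-supplied member list into entries that match the locally
    pinned roster and entries to hold back until the user has confirmed them."""
    deliver, held = [], []
    for member in sorted(from_server):
        if pinned.get(member) == from_server[member]:
            deliver.append(member)
        else:
            reason = "identity key changed" if member in pinned else "not in pinned roster"
            held.append((member, reason))
    return deliver, held

# Constructed sample data: identifiers and keys are placeholders, not real values.
GROUP_ID = "group-example"
PINNED = {"alice": b"\x01" * 32, "bob": b"\x02" * 32, "carol": b"\x03" * 32}
# The server's view, carrying one participant the members never saw being added.
SERVER_VIEW = dict(PINNED, mallory=b"\x04" * 32)

if __name__ == "__main__":
    deliver, held = plan_key_distribution(PINNED, SERVER_VIEW)
    print("deliver sender key to:", deliver)
    print("held back for confirmation:", held)
    same = roster_fingerprint(GROUP_ID, PINNED) == roster_fingerprint(GROUP_ID, SERVER_VIEW)
    print("fingerprints match:", same)
```

A client that skips this comparison and encrypts to whatever list the server returns is in the position the paper describes: the injected entry receives the sender key like any other member.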
In practical terms, the findings suggest that while WhatsApp offers robust encryption and a thoughtful recovery mechanism, it inherits complex security challenges from its reliance on many-to-many session management and a lack of authenticated group metadata. This makes user vigilance and timely device management crucial to maintaining privacy.
WhatsApp users who are worried about their security should regularly check and manage linked devices from their primary device, be alert to new device notifications, and unlink any suspicious or unknown devices immediately. It is also recommended to use out-of-band verification (such as QR code scans) when possible to authenticate contacts' identities.