WhatsApp is the most widely used messaging service worldwide and every day billions of messages protected by end-to-end encryption circulate through this platform, meaning that only participants in a conversation or chat group can access the content of messages and user information, or at least we thought so, as cybersecurity researcher Jordan Wildon reported a strange behavior related to chat groups and Google’s search engine.
According to Wildon, Google has indexed links to WhatsApp groups, exposing the conversations, files, phone numbers and other data of the members of these supposedly private groups. In other words, any user can access one of these groups thanks to a simple Google search.
As cybersecurity experts mention, when someone creates a WhatsApp group, a private code is linked to it, this link can be sent by administrators to invite possible new members. Due to an unidentified security flaw, the links have been exposed to the reach of any user via the Internet browser; apparently the flaw had already been reported to WhatsApp a couple of months ago, although it is still present.
Apparently, users only have to do an Internet search using the domain chat.whatsapp.com, followed by any keyword (friends, family and so on). While verifying the finding, Wildon found pornography groups, working groups, non-governmental organizations, sale of various items, job search, and many more topics from countries such as the United States, Mexico, and Latin America.
Facebook, the company that owns WhatsApp, has not published an official statement about this flaw, although the firm is expected to be already working on a solution, as the report has been made public for some time. For the time being, cybersecurity firms and researchers recommend WhatsApp group administrators to disable the link to the group, which will prevent any user from trying to join, although this will not stop exposing user information online. Deleting the chat group could definitely also be functional.
The International Institute of Cyber Security (IICS) has reported frequent security flaws on the platform that can lead to the hijacking of WhatsApp sessions, sending fake messages and other malicious actions. Users can protect themselves from these flaws by keeping their application always updated and avoiding the use of WhatsApp Web, version of the service for desktops, as well as trying some alternatives to the use of this platform, such as Telegram.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.
