WhatsApp is the most widely used messaging service worldwide and every day billions of messages protected by end-to-end encryption circulate through this platform, meaning that only participants in a conversation or chat group can access the content of messages and user information, or at least we thought so, as cybersecurity researcher Jordan Wildon reported a strange behavior related to chat groups and Google’s search engine.
According to Wildon, Google has indexed links to WhatsApp groups, exposing the conversations, files, phone numbers and other data of the members of these supposedly private groups. In other words, any user can access one of these groups thanks to a simple Google search.
As cybersecurity experts mention, when someone
creates a WhatsApp
group, a private code is linked to it, this link can be sent by administrators
to invite possible new members. Due to an unidentified security flaw, the links
have been exposed to the reach of any user via the Internet browser; apparently
the flaw had already been reported to WhatsApp a couple of months ago, although
it is still present.
Apparently, users only have to do an Internet search using the domain chat.whatsapp.com, followed by any keyword (friends, family and so on). While verifying the finding, Wildon found pornography groups, working groups, non-governmental organizations, sale of various items, job search, and many more topics from countries such as the United States, Mexico, and Latin America.
Facebook, the company that owns WhatsApp, has
not published an official statement about this flaw, although the firm is expected
to be already working on a solution, as the report has been made public for
some time. For the time being, cybersecurity firms and researchers recommend
WhatsApp group administrators to disable the link to the group, which will
prevent any user from trying to join, although this will not stop exposing user
information online. Deleting the chat group could definitely also be
The International Institute of Cyber Security (IICS)
has reported frequent security flaws on the platform that can lead to the
hijacking of WhatsApp sessions, sending fake messages and other malicious
actions. Users can protect themselves from these flaws by keeping their
application always updated and avoiding the use of WhatsApp Web, version of the
service for desktops, as well as trying some alternatives to the use of this
platform, such as Telegram.