Links to private WhatsApp chat groups can be used to show the communication and private data of group members, even if you are not a member.
Despite the popular instant messaging application having end-to-end encryption for individual and group chats, a team of experts have discovered that WhatsApp security remains vulnerable after uncovering that that private WhatsApp groups can be found and joined via a simple Google search.
Referring to end-to-end encryption, this function is designed to protect WhatsApp users. The function should only allow participants within a particular chat or group to have access to the content of the messages and the user's information.
The breach in WhatsApp’s security is a result of Google allowing users to find invitations to private groups and join them. Links to WhatsApp groups have been indexed, exposing conversations, files, phone numbers, and other data.
WhatsApp group administrators can override a chat link and change it, but this does not necessarily disable the original link. Researchers found that users simply have to perform an internet search using the domain chat.whatsapp.com, followed by any keywords to find specific private group chats. Every time a group chat administrator generates an invitation link and sends it to someone, this link is registered with Google, which technically anyone to find it.
Following a media outcry, Google has finally removed the links from the search results. Though despite Google’s efforts, internet security expert Lav Kumar reported that links to over 60,000 unique links are still accessible on multiple websites.
Even without joining a group, it is still possible to see the name, description, image and phone number of it’s creator - via the posted links. If you join the group, this allows access to even more information, for example phone numbers of up to 256 participants (group number limit). Adding any of the numbers to your contacts will also generate the app to display the contact’s name in the group.
WhatsApp has experienced a number of security related issues over the last year, which is causing increasing concern among users. One high profile incident involved an alleged hack into Amazon boss, Jeff Bezos', phone in 2018 - carried out via a malware-infected WhatsApp message.
Big organisations have started to move away from WhatsApp. If you are currently using the group function for work chats, it would be advisable to look elsewhere. The EU is already doing this, banning WhatsApp and instructing staff members to use Signal, another platform understood to be more secure for communications.
If you’re keen to continue using WhatsApp, one way to help stay protected against these security related defects is to keep the app up-to-date - to ensure you are using the latest version, and avoid using WhatsApp web - the desktop version. Alternatively, it might be time to try a different platform, such as Telegram or Signal.