STRANGERS may be snooping on your WhatsApp chats due to a bizarre security flaw, according to a cyber researcher.
Invites to users’ private groups are appearing in Google searches, allowing almost anyone to covertly join them without permission.
A major WhatsApp security flaw could be exposing your private chats to strangers onlineCredit: Alamy
The major security blunder emerged last year and was seemingly resolved after Google blocked WhatsApp invites from appearing in its search results.
However, a report from Gadgets360 on Monday revealed invitations still appear on the tool today.
All a hacker needs to do is Google one of a number of key phrases – which Gadgets360 is not sharing for security reasons – to access people’s groups.
Additionally, the tech site found that user profiles also show up in the tech titan’s search results. This could expose phone numbers and more to crooks.
Invites to private WhatsApp chats are appearing in Google search resultsCredit: Alamy
The shock finds prove that WhatsApp, designed to be a safe haven where people can text privately, is not as secure as users think.
Groups are normally protected from strangers as anyone who wants to join must do so using a digital invitation link.
However, these links can easily be copied by group members and shared with others.
Anyone who found an invitation – for instance via Google – would be free to secretly join the group and find out members’ phone numbers.
They could also see private or confidential information shared between a group’s members.
Gadgets360, which was alerted to the re-emergence of the Google issue by cyber researcher Rajshekhar Rajaharia, said that more than 1,500 WhatsApp group invite links are currently available in search results.
In a comment, WhatsApp pointed the finger of blame at Google.
“Since March 2020, WhatsApp has included the ‘noindex’ tag on all deep link pages which, according to Google, will exclude them from indexing,” a spokesperson said.
“We have given our feedback to Google to not index these chats.”
They hinted that many of the links are visible in Google because they were posted on public websites or social networks.
To avoid falling foul of the same issue, do not share WhatsApp links in anything other than private online chats.
The bug first came to light in February 2020 after cyber experts revealed that hundreds of thousands of WhatsApp private chats had been exposed.
They found links to join more than 470,000 groups visible in Google searches.
The glitch was discovered by Jordan Wildon, a multimedia journalist for German outlet Deutsche Welle.
WhatsApp – a quick history
Here’s what you need to know…
- WhatsApp was created in 2009 by computer programmers Brian Acton and Jan Koum – former employees of Yahoo
- It’s one of the most popular messaging services in the world
- Koum came up with the name WhatsApp because it sounded like “what’s up”
- After a number of tweaks the app was released with a messaging component in June 2009, with 250,000 active users
- It was originally free but switched to a paid service to avoid growing too fast. Then in 2016, it became free again for all users
- Facebook bought WhatsApp Inc in February 2014 for $19.3billion (£14.64bn)
- The app is particularly popular because all messages are encrypted during transit, shutting out snoopers
- As of 2020, WhatsApp has over 2billion users globally
“Your WhatsApp groups may not be as secure as you think they are,” Jordan tweeted last week.
He added that links to private groups “are generally available across the internet”.
Jordan’s claims were backed up by computer expert Jane Manchun-Wong, who regularly reverse-engineers apps in search of security vulnerabilities.
Groups exposed online included X-rated chats where people shared porn and groups allegedly linked to major organisations including the UN.
Following Jordan’s comments, Google said it had fixed the issue and was blocking WhatsApp group links from its search results.
However, the resurfacing of invites in its search results suggest the problem has yet to be resolved.
In other news, Donald Trump has banned eight major Chinese apps from operating in the United States as part of efforts to protect national security.
A hoax WhatsApp message warning that you may be hacked is spreading online.
And, sex tech company Lovense has just launched a group feature in its Lovense Remote app that sex toy fans could use for virtual group orgies.
What do you think of the WhatsApp bug? Let us know in the comments…
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]