Technology

WhatsApp Users Beware: Private Group Chats Are Accessible Via Google Search

WhatsApp group chats can be easily found via a Google search because the search engine is indexing links to conversations intended to be private.

People use WhatsApp to chat with their friends and family because it’s easy to use and private. But the encrypted app might not be as private as you think.

All it takes is a quick Google search and anyone can join a range of WhatsApp chats, including those meant to be private, according to esteemed tech site Vice which first broke the story.

Private WhatsApp conversations are usually only accessible via an invite code handed out to group members by the chat moderator.

But this code is simply a string of text and a URL, it seems that at least some of these are being indexed so they are accessible by anyone via Google search.

You can see if any of your private chats are visible by typing in chat.whatsapp.com and then adding in some detail relating to the group chat. 

You can see if any of your private chats are visible by typing in chat.whatsapp.com and then adding in some detail relating to the group chat. 

What happened with WhatsApp? 

On February 21st 2020 via Twitter, a multimedia journalist for the German outlet Deutsche Welle, Jordan Wildon issued a warning: “Your WhatsApp groups may not be as secure as you think they are.

He detailed how the “Invite to Group via Link” feature “allows groups to be indexed by Google” and “they are generally available across the internet.

In other words, Wildon explained: “Any group link that is shared it outside of secure, private messaging can relatively easily be found and joined.

And it gets worse: even if you haven’t shared the link, he said, “It’s possible, but difficult, to run a kind of brute-force method to get access to a URL that corresponds to an active group chat.

Renowned ethical hacker Jane Manchun Wong confirmed this in a later tweet, adding that 470,000 search results can be found on Google for the term “chat.whatsapp.com” – a section of the URL used for WhatsApp group invites.

Many of the links lead to sensitive subjects such as adult material, Vice found. A cursory search by this writer found some similar links easily available.

Although it’s true some of the links are meant to be open to the public, Vice also found chats that exposed the phone numbers of 48 participants in a WhatsApp group conversation that appeared to be non-governmental organisations accredited by the United Nations.

Why is this WhatsApp issue happening? 

Soon after the issue was raised, Google’s public search liaison Danny Sullivan explained what was happening. “Search engines like Google and others list pages from the open web. That’s what’s happening here. It’s no different to any case where a site allows URLs to be publicly listed.

Ethical hacker @HackrzVijay said he had reported the issue to WhatsApp owner Facebook back in November, and Facebook had not done anything about it. In fact, Facebook said, it’s an “intentional product decision”, and group admins “can invalidate the link if so desired.

In addition, although Facebook admitted it was “surprised” that the links are indexed by Google, they said they cannot control what gets indexed by Google’s search engine.

But this is bad, right?

It’s certainly not ideal, especially if you use WhatsApp for sensitive conversations. Jake Moore, cybersecurity specialist at ESET says the ability to find chats so easily is “utterly horrifying.

I can’t see a beneficial reason as to why any party would see this as a good idea. If anything, it just makes WhatsApp appear less secure. It may be encrypted in the middle, but if you are accepted into a group chat, you have the encryption key to read on.

Although Moore didn’t find any of his own chats, he searched for “The Girls” – the name of a group his wife was a member of – and found numerous other groups with the same name including adult-themed conversations.

What to do?

WhatsApp is end-to-end encrypted, but it is now owned by Facebook, which is integrating Instagram, Facebook Messenger and WhatsApp at the back end. 

After a slew of data scandals, privacy issues and breaches, many people don’t trust Facebook, so it might make sense to try something else.

ESET’s Moore recommends the use of other apps such as Signal or Telegram chat apps which, he says, “Focus more heavily on user security and privacy.

Security researcher Sean Wright agrees. He says anyone concerned about privacy should try alternatives chat apps “as it doesn’t look like Facebook or Google are going to do much about this.

Personally, we second the opinion of using alternative apps for chatting with your friends and family which are also support a number of consumer-friendly features, are super-secure and just as easy to use. 

In the end, it comes down to what you can persuade your friends and family to do. Perhaps show them this article and agree on the best app for everyone involved.

Related posts
SEO

Benefits of Guest Blogging for SEO

Marketing

How to Build a Social Media Strategy for eCommerce

Leave a Reply

Your email address will not be published. Required fields are marked *

nineteen + 12 =

Worth reading...
Post, Pin & Tweet: For the Best Outreach