STRANGERS may have snooped on your WhatsApp chats due to a bizarre security flaw, according to a cyber researcher.

Invites to users’ private groups appeared in Google searches, allowing almost anyone to join them without permission.

A major security flaw could have exposed your private WhatsApp chats to strangers online

2

A major security flaw could have exposed your private WhatsApp chats to strangers onlineCredit: Alamy

The major security blunder emerged last year and was seemingly resolved after Google blocked WhatsApp invites from appearing in its search results.

However, a report from Gadgets360 on Monday revealed invitations still appeared on the tool early this year.

The Sun understands that Google has now fixed the issue, and that WhatsApp invites no longer appear in search.

Prior to the fix, all a hacker needed to do is Google one of a number of key phrases – which Gadget360 is not sharing for security reasons – to access people’s groups.

Invites to private WhatsApp chats appeared in Google search results

2

Invites to private WhatsApp chats appeared in Google search resultsCredit: Alamy

Additionally, the tech site found that user profiles also showed up in search results. This could have exposed phone numbers and more to crooks.

The shock finds prove that WhatsApp, designed to be a safe haven where people can text privately, is not as secure as users think.

Groups are normally protected from strangers as anyone who wants to join must do so using a digital invitation link.

However, these links can easily be copied by group members and shared with others.

Anyone who found an invitation – for instance via Google – would have been free to secretly join the group and find out members’ phone numbers.

They could also have sees private or confidential information shared between a group’s members.

Gadgets360, which was alerted to the re-emergence of the Google issue by cyber researcher Rajshekhar Rajaharia, said that more than 1,500 WhatsApp group invite links were available in search results.

In a comment, WhatsApp pointed the finger of blame at Google.

“Since March 2020, WhatsApp has included the ‘noindex’ tag on all deep link pages which, according to Google, will exclude them from indexing,” a spokesperson said.

“We have given our feedback to Google to not index these chats.”

They hinted that many of the links were visible in Google because they were posted on public websites or social networks.

To avoid falling foul of the same issue, do not share WhatsApp links in anything other than private online chats.

The bug first came to light in February 2020 after cyber experts revealed that hundreds of thousands of WhatsApp private chats had been exposed.

They found links to join more than 470,000 groups visible in Google searches.

The glitch was discovered by Jordan Wildon, a multimedia journalist for German outlet Deutsche Welle.

WhatsApp – a quick history

Here’s what you need to know…

  • WhatsApp was created in 2009 by computer programmers Brian Acton and Jan Koum – former employees of Yahoo
  • It’s one of the most popular messaging services in the world
  • Koum came up with the name WhatsApp because it sounded like “what’s up”
  • After a number of tweaks the app was released with a messaging component in June 2009, with 250,000 active users
  • It was originally free but switched to a paid service to avoid growing too fast. Then in 2016, it became free again for all users
  • Facebook bought WhatsApp Inc in February 2014 for $19.3billion (£14.64bn)
  • The app is particularly popular because all messages are encrypted during transit, shutting out snoopers
  • As of 2020, WhatsApp has over 2billion users globally

“Your WhatsApp groups may not be as secure as you think they are,” Jordan tweeted last week.

He added that links to private groups “are generally available across the internet”.

Jordan’s claims were backed up by computer expert Jane Manchun-Wong, who regularly reverse-engineers apps in search of security vulnerabilities.

Groups exposed online included X-rated chats where people shared porn and groups allegedly linked to major organisations including the UN.

Following Jordan’s comments, Google said it had fixed the issue and was blocking WhatsApp group links from its search results.

However, the resurfacing of invites in its search results suggest the problem has yet to be resolved.

Facebook is sued over ‘illegal monopoly’ claims and told to sell off Instagram and WhatsApp by US gov

In other news, Donald Trump has banned eight major Chinese apps from operating in the United States as part of efforts to protect national security.

A hoax WhatsApp message warning that you may be hacked is spreading online.

And, sex tech company Lovense has just launched a group feature in its Lovense Remote app that sex toy fans could use for virtual group orgies.

What do you think of the WhatsApp bug? Let us know in the comments…


We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]


This post first appeared on Thesun.co.uk

You May Also Like

The Best Electric Toothbrush is Half Off ($20) for Prime Day

We’ve scoured Amazon for the absolute best Prime Day deals, and this…

Royal Mail is building 500 drones to carry mail to remote communities

Royal Mail is building a fleet of 500 drones to carry mail…

Your iPhone has an important signal ALL users must check in hot weather

YOUR iPhone is packed with handy features that can help you tackle…

Kindle will finally support ePub files – making it easier to load e-books you DIDN’T buy from Amazon

Amazon’s Kindles are some of the most popular e-readers on the market,…