WhatsApp again in the news and not at all for good reasons. Recently, WhatsApp’s Facebook-like group chat features have detected flaws that jeopardize user privacy. So, does this refers to the uninstall of the app?
Well, WhatsApp differentiates itself from parent company Facebook by touting its end-to-end encryption. Justifying this, the company also added in its website that, “Some of your most personal moments are shared with WhatsApp, so your messages, photos, videos, voice messages, documents, and calls are secured from falling into the wrong hands.”
But here WhatsApp members might not be aware that while using the app’s Group Chat feature, their data can be harvested by anyone in the group. Even worse, their mobile numbers can be used to identify and target them.
More on the WhatsApp Group:
WhatsApp groups are designed to enable groups of up to 256 people to join a shared chat without having to go through a central administrator. Group originators can add contacts from their phones or create links anyone interested to opt-in. These groups, which can be found through web searches, discuss topics as diverse as agriculture, politics, pornography, sports, and technology. Not all groups have links, but in those that do, anyone who finds the link can join the group. While all new joining members are announced to the group, they are not required to provide any name or otherwise identify of themselves. Here, a new report from European researchers shows that this design could leave inattentive members open to targeting.
The researchers demonstrated that a tech-savvy person can easily obtain a bulk amount of data from WhatsApp groups, simply with the usage of an old Samsung smartphone running scripts and off-the-shelf applications. Now, this is not a security breach, and the app is working exactly as designed.
The researchers obtained lists of public WhatsApp groups through web searches and used a browser automation tool to join a few of the roughly 2,000 groups they found, a process requiring little human intervention and easily applicable to a larger set of groups. Now, their smartphone began to receive large streams of messages, which WhatsApp stored in a local database. The data are encrypted, but the cipher key is stored inside the RAM of the mobile device itself. Thus, this allowed the researchers to decrypt the data using a technique developed by Indian researchers L.P. Gudipaty and K.Y. Jhala.
The researchers’ goal was to determine how WhatsApp could be used for social-science research. But their paper actually demonstrated how easily marketers, hackers, and governments can take advantage of the WhatsApp platform, minus any contractual restraints and for almost no cost.
Researcher Paul Rösler reportedly added that “The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them. … If I hear there’s end-to-end encryption for both groups and two-party communications, that means adding of new members should be protected against. And if not, the value of encryption is very little.”
Well, to be frank, Facebook and its family of companies are being much too casual about privacy, as witnessed from we have seen from the Cambridge Analytica revelations, harming freedom and democracy. So, obviously, they need to be held to higher standards.