Public WhatsApp groups are prone to data breach

Science

04 Apr 2018

Warning: User data can be scraped from public WhatsApp groups

According to a new report by European researchers, WhatsApp's group chat feature is prone to data breach despite being end-to-end encrypted.

The feature is flawed by design and allows data to be harvested by anyone in the group.

This demonstrates the ease with which marketers, hackers, and governments can exploit user privacy on WhatsApp, without breaking any policies and free of cost.

Details

Public WhatsApp groups can be found on the web

Public WhatsApp groups can be found on the web

WhatsApp groups can be joined by a maximum of 256 people by adding particular contacts or circulating an invite link.

Researchers pointed out that public WhatsApp groups can be found on the web and anyone can join them through the invite link.

While group members are notified about new joinees, the latter is not obligated to identify themselves in any way.

Proof

Hackers can access data like phone numbers, images, videos

In a draft paper, researchers detailed how they joined 178 public WhatsApp groups and gained access to their data which WhatsApp stores in the sqlite database of the local device.

The researchers started receiving large streams of messages exchanged between 45k WhatsApp users over a period of six months.

This included mobile numbers of the group members, and any images, videos, and web links they shared.

Love Tech news?

Stay updated with the latest happenings.

Yes, notify Me

Data is encrypted, but that doesn't stop hackers

Even though the data researchers obtained was encrypted, it could be decrypted using a technique developed by Indian researchers L.P. Gudipaty and K.Y. Jhala. This was possible because the cipher key of the encrypted data was stored inside the RAM of the mobile device itself.

Not the first time WhatsApp group chats are under scrutiny

Earlier, German cryptographers had discovered that anyone who is in control of WhatsApp's servers can infiltrate group chats. This meant that cybercriminals could add new people to WhatsApp group chats without the permission of the group admin, giving them access to unwarranted information.

Share this timeline

Data Protection

WhatsApp

Share this timeline

Ask NewsBytes
User Image

Next Timeline