2021-01-19

Any WhatsApp user who belongs to a group has been spied on and even cyber-attacked in recent weeks. The latest security breach was detected on January 10 and, although it has already been fixed, it may have been the cause of impersonations. Links to at least 4,000 group chats have appeared in the Google search engine, available to anyone. Thanks to this, cybercriminals have been able to join private groups without being discovered.

It is not known how long the links had been on Google, but it was at least several days, during which cybercriminals could have taken the opportunity to sneak into countless groups and, as a consequence, carry out phishing attacks by sending web addresses (URLs).

This is not the first time this problem has been detected. In 2019 and again in 2020, WhatsApp group addresses were also detected on Google. The company claimed to have resolved this failure, which occurs when a link is created to invite a person to join a group. Google indexes this link automatically, and from then on it is accessible to any user who performs a precise search.

Phishing is a fraud mechanism that allows cybercriminals to collect sensitive information such as user names, account passwords or credit card numbers through electronic communication. In this case, someone could, for example, impersonate a friend or family member of a group member in order to scam the chat users. “Sometimes you don’t even need that. Simply when the attackers have been in the group for days, they send links of malicious content to the rest of the users, who click without thinking that they are a stranger,” points out Eusebio Nieva, Check Point technical director for Spain and Portugal.

It is a problem that can also occur if the invitation link is sent in bulk, since the social network allows anyone who has the URL to enter a group.

In Telegram, a similar platform, you can revoke the link, create a second link or set a limited duration for which invitation links can be used. On a third platform, Discord, it is also possible to determine whether users can invite others. “WhatsApp does not notify, not even administrators, that someone new has joined the group, so users must be vigilant. That person is going to listen and read all the content with all the confidentiality problems that this entails,” says Nieva.

That is why it is difficult to avoid this type of impersonation. “The human factor is always the most vulnerable, we should not trust someone just because they are in the same WhatsApp group as us,” adds Nieva. Staying alert and investigating who we communicate with is essential to avoid falling for this type of deception. WhatsApp’s cybersecurity team recommends that the access links to groups be sent with caution. “Links must be shared privately with people the user knows and trusts. They should not be posted on a publicly accessible website,” says a WhatsApp spokesperson.

The origin of the failure

The problem has occurred because Google has indexed the group invitation addresses. The term indexing refers in this case to a piece of data or a web address appearing in the search engine. “Google works because it obtains information from all the websites that can be accessed and, with this huge database, it provides the links based on the request that users enter in the search engine”, says José Luis Vázquez Poletti, professor in the Computer Architecture and Automation department at the Complutense University of Madrid (UCM).

This data is not obtained by the multinational's employees collecting information from websites one by one. It is done through sophisticated and very fast bots, much more powerful than those of Twitter or Facebook. The ones that Google uses are tremendously automated. They are called spiders because they are programs that go through web links in a systematic way, as if they were moving through a spider web.

Every time a bot finds a link it copies it, and from there it continues searching for associated metadata. So if it finds a URL of a WhatsApp group, as happened in 2019 and 2020, the system itself continues to find more just by pulling the thread. “Originally, the failure was due to the fact that a command in the WhatsApp Web file was not correct, that is, there was no instruction that prevented uploading that data to Google,” says Professor Vázquez Poletti.

“It is possible that the latest WhatsApp updates were developed by a team other than the original and therefore certain aspects of the configuration have not been taken into account,” speculates Professor Vázquez Poletti. “That could have been the mistake because when you inherit a project from someone else, no matter how much documentation exists, you don’t have a global vision,” he highlights.

The problem is that it has already happened three times, although the American multinational assures that it was corrected. “Since March 2020 WhatsApp includes the label noindex on all link pages. We have also spoken with Google so that it does not index these chats,” concludes a WhatsApp spokesperson.
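
What the noindex label mentioned above looks like in practice, as an added example that is not from the article or from WhatsApp: a Python check that reads a response's `X-Robots-Tag` headers and robots meta tags and reports whether Google's crawler is told not to index the page. The sample responses, the `otherbot` token and all function names are constructed for illustration.

```python
from html.parser import HTMLParser

CRAWLER = "googlebot"            # crawler token to evaluate for (assumption)
BLOCKING = {"noindex", "none"}   # "none" is shorthand for "noindex, nofollow"
VALUED = {"unavailable_after", "max-snippet", "max-image-preview", "max-video-preview"}

def _directives(value):
    """Parse one robots value, honouring an optional leading 'agent:' scope."""
    out, applies = set(), True
    for piece in value.lower().split(","):
        head, sep, tail = piece.partition(":")
        head, tail = head.strip(), tail.strip()
        if sep and head not in VALUED:       # e.g. "googlebot: noindex"
            applies, head = (head == CRAWLER), tail
        if applies and head:
            out.add(head)
    return out

class _RobotsMeta(HTMLParser):
    """Collects directives from <meta name="robots"> and <meta name="googlebot">."""
    def __init__(self):
        super().__init__()
        self.found = set()

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").strip().lower() in ("robots", CRAWLER):
            self.found |= _directives(a.get("content", ""))

def indexing_blocked(headers, html):
    """True if the response tells CRAWLER not to index the page."""
    meta = _RobotsMeta()
    meta.feed(html)
    found = set(meta.found)
    for name, value in headers:
        if name.lower() == "x-robots-tag":
            found |= _directives(value)
    return bool(found & BLOCKING)

# Constructed sample responses for a hypothetical invite-link page.
EXPOSED = ([("Content-Type", "text/html")],
           "<html><head><title>Join group</title></head><body></body></html>")
META_FIXED = ([("Content-Type", "text/html")],
              '<html><head><meta name="robots" content="noindex, nofollow"></head></html>')
HEADER_FIXED = ([("X-Robots-Tag", "googlebot: noindex")], "<html></html>")
OTHER_BOT = ([("X-Robots-Tag", "otherbot: noindex")], "<html></html>")

if __name__ == "__main__":
    for label, (hdrs, body) in [("exposed", EXPOSED), ("meta", META_FIXED),
                                ("header", HEADER_FIXED), ("other bot", OTHER_BOT)]:
        print(f"{label:10} indexing blocked: {indexing_blocked(hdrs, body)}")
```

A crawler only sees a noindex directive if it is allowed to fetch the page, so a page protected this way must not also be blocked in robots.txt.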