Researchers have discovered vulnerabilities in messaging apps (for example WhatsApp) that allow intruders to infiltrate private group chats. Victor Chebyshev, security researcher at Kaspersky Lab commented below.
Victor Chebyshev, Security Researcher at Kaspersky Lab:
“Vulnerabilities have been found in the infrastructure of messenger services such as WhatsApp, Signal, and Threema, providing intruders with an opportunity to add new members to group chats without this being immediately apparent to other members. Thus, messages sent by other group members as well as their personal information (names and phone numbers) might leak to intruders. Exploitation of these security flaws can represent a serious threat, especially to those who share confidential information in group chats.
According to the research, to access group chats, hackers first need to gain access to a messaging app’s server. However, the report does not provide an actual example of such attack. Hacking these servers is not easy from a technical perspective and it takes a lot of time and effort. Furthermore, gaining control of the server is not even necessary – it is much easier for attackers to hack directly the mobile device of a member of the group chat. We recently reported and described examples of this kind of attack: https://securelist.ru/android-commercial-spyware/88170/
In order to stay protected Kaspersky Lab recommends the following action:
- Pay close attention to group chats and control manually the addition of new members.
- Avoid sharing any sensitive personal information in group chats, and instead use direct messages.
- Install a security solution on your device to protect you from any possible threat.”
