“WhatsApp is the most popular messenger in the world, with billions of users. WhatsApp offers strong functionality with various ways of communicating. For example, group calls for up to eight people proved to be very popular during periods of self-isolation and lockdown – not only for WhatsApp, but other messaging systems too.
Until recently, if such a group call in WhatsApp had already begun and an intended participant, for one reason or another, could not join at the start, it was not possible to connect later. The situation has now changed, and developers have added the ability to join an ongoing conversation. The same function is also available in the corporate messenger application Microsoft Teams.
However, from a security point of view, being able to join a call already in progress increases the risk of eavesdropping. The bottom line is that if an attacker is in a WhatsApp group, it won’t be difficult for them to connect to a call. All they have to do it wait until most of the participants have joined and then hope that they can participate unnoticed. The attacker also doesn’t need to sit and wait for the start of the call, as they connect at any time.
It is worth noting that members of the group – especially the administrator – can keep track of participants and ensure that outsiders are not joining. Also, the messenger application itself guarantees the privacy of data exchange in the group through the use of end-to-end encryption. Thus, neither the app itself, nor the people trying to organize a man-in-the-middle attack, will be able to intercept either group correspondence or calls, including group calls.
To date, most of the malicious software has focused on intercepting archived WhatsApp messages and online dialogs, and we have not yet encountered any interception of calls, let alone group calls. Nevertheless, if a device is infected, it is highly likely that the Trojan will have the ability to record the device microphone and camera – enabling attackers to eavesdrop on any conversations, regardless of the communication channel used, be it an instant messenger or a regular call on a mobile phone.”
Victor Chebyshev, Lead Security Researcher at Kaspersky- views are of the author and his/her personal opinion, the comments here does not reflect of BusinessToday’s or the management.
