Security Market Segment LS
Monday, 24 February 2020 01:31

You can easily find private WhatsApp chats with a simple search Featured

By

An 'intentional product decision' has meant that Google is able to index WhatsApp's invitation codes.

This was first reported to Facebook in early November by Twitter user HackrzVijay (in the hope of collecting on their bug bounty), but Facebook's 'security' representative, Kurt claimed that, "The links being accessible by anyone was an intentional product decision. Group admins can invalidate the link if so desired. The Surprise here was that they're indexed by Google. However, we cannot completely control what all search engines, Google, and others, index."  This was Kurt's response in full:

Facebook response

Has Kurt never heard of robots.txt or the 'noindex' meta tag? Those are the two normal ways of informing Google that the content should not be added to their search database.

Some background. A WhatsApp invite code is simply a URL that includes a long string of (seemingly) random text that permits anyone you share it with, the ability to join your group. This group might be a private chat amongst friends, a negotiation forum for the next big corporate take-over or even a porn collective. All of these could easily be located with a simple search.

How simple? Just ask Google to search for "chat.whatsapp.com" and add whatever identifier you think might be useful. This writer tried a few that popped into our mind and could easily locate a number of 'interesting' chat groups.  We didn't attempt to join any of them (they were probably expired anyway).

Be aware though, in this instance, Google has done nothing wrong. Not seeing any command to ignore the content, they merrily indexed all of this. It is WhatsApp's, and ultimately Facebook's problem.

Apparently Facebook doesn't think there's anything wrong with this, but then again, they've always struggled to grasp the importance of security and privacy of their users!

Update. It seems that something has been done to suppress the visibility of these invite codes. By instructing Google to limit search results to the past 24 hours, this writer found only news articles that discuss the problem were visible. Extending the limit to the past week DOES result in chat groups being displayed.

DIGITAL MARKETING HAS NO SOCIAL DISTANCING OR TRAVEL RESTRICTIONS

As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email andrew.matler@itwire.com

CONTACT US!

LAYER 1 ENCRIPTION A KEY TO CYBER-SECURITY SOLUTION

Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.

DOWNLOAD!

David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments