Why is it risky to enter a WhatsApp video call that has already been started?

Why is it risky to enter a WhatsApp video call that has already been started?

Spread the love

Why is it risky to enter a WhatsApp video call that has already been started?

The popular messaging platform WhatsApp announced in July a feature relevant to video calling, one of the most used features in times of pandemic: users now have the ability to join a communication once it has started. A priori, a beneficial situation for many, but also dangerous for the safety of the participants.

Until recently, if a group call on WhatsApp had already started and a participant, for one reason or another, could not join immediately, it was no longer possible to reconnect to the call. There was no other solution than to dissolve the communication, re-generate a new one and select the participants one by one.

However, this issue is now fixed, as the developers added the ability for users to join a conversation started via the “join calls” feature. This feature is now available on other video calling platforms such as ZoomorGoogle Meet.

WhatsApp video calls, are they risky?

In a post on the corporate blog, the Facebook-owned messaging app explained that “some of the best conversations happen when we least expect it“In fact, video calls for both personal and corporate use can happen anytime, anywhere and come not just from known contacts. And this, inevitably, increases the risk of espionage.

For example, in the business environment, this scenario could generate serious consequences.

According to data captured by Kaspersky and voluntarily provided by its customers, WhatsApp is among the top five web services most frequently accessed by employees from their corporate devices.

“The bottom line is that if a strange or malicious person is in a WhatsApp group, they will have no problem connecting to a call. All you have to do is wait until most of the participants have joined and then there enter without anyone noticing your presence“Said Victor Chebyshev, Principal Security Researcher at Kaspersky.

Although most malicious software is currently focused on intercept archived WhatsApp messages and online conversations, and they still did not find any interception of calls, the specialists do not rule out that a third party may violate member privacy of a group call.

“If a device is infected, it is very likely that the Trojan has the ability to make recordings through the device’s microphone and camera, allowing cybercriminals to listen in on any conversation, regardless of the communication channel used, be it a messaging application or a call from normal mobile phone, “explained Chebyshev.

“The ability for a participant to join a call or video call at any time can be a potential risk for other members “, says Martina López, Cybersecurity Researcher at ESET Latin America.

WhatsApp video calls became popular in a pandemic.

And he adds: “Mainly, these risks can be summarized in the inadvertent entry of an outsider that it had been invited, either intentionally or by accident, by users already within the communication.

According to the information provided by the researcher from the computer security company ESET, the principal problem of the WhatsApp app is that it does not emit sound when a contact enters a video call.

If to this technical detail is added the habit of several users of using video calls in the same way as they do with telephone calls, that is, holding the cell phone against their face as using other applications on the screen, it is likely that lose sight of who just entered to the conversation.

“Although it is important to note that it is not completely improper access, since the user must have received a previous invitation to join, it can become uncomfortable or unwanted situations where the call is being heard by someone who should not “, he concludes.

Why is it risky to enter a WhatsApp video call that has already been started?

Cybersecurity researchers warn of the risks of WhatsApp video calls.

On the other hand, the Czech cybersecurity company Avast They have a different stance on the security of video calls on WhatsApp.

“If stakeholders are concerned that someone will overhear sensitive information shared in a conversation, they can simply create a new group dedicated to that end (which in reality may be advisable when discussing issues that do not concern all members of the group) “, warns Ondrej David, leader of the company’s malware analysis team in dialogue with Clarín.

And he adds: “If a user is a victim of some kind of spyware or a RAT (remote access Trojan) capable of recording the screen and / or the camera and / or the microphone, any such application can be spied on. This is not unique to WhatsApp group calls. “

“Also, most video conferencing applications make a sound when a new participant joins the current meeting, so I think the chances that at least someone on the call will not notice that a new participant has joined are quite casualties, “he stressed.

Recommendations of specialists

In terms of app security and the new feature, the researcher from Kaspersky highlights that group members -especially the administrator- can make a follow-up of participants and make sure strangers or unwanted people don’t join the call.

“In addition, the app itself guarantees the privacy of the data exchange in the group through the use of end-to-end encryption. Thus, neither the application itself, nor the people who try to carry out any type of attack, will be able to intercept the message or the call, including group calls ”, he stressed.

For her part, the ESET researcher recommends “contacting one or more people who will be part of a video call in advance.” Just by taking this collection, participants will be able to see who is active and thus notice the appearance of a new member.

It must always be borne in mind that any user who is invited can eventually join, and listen to the conversation that maintains the group.

They also recommend verifying that invited contacts are correct, and not a wrong number that leads to an unknown user accessing the communication.

SL