The cybersecurity firm Kaspersky has yet to encounter any malicious interception of WhatsApp calls or group calls.
The new feature of WhatsApp to allow users to join a group call after it has already begun increases the possibility of devices becoming infected with trojan, which increases the risk of eavesdropping.
Commenting on the possibility of eavesdropping, Victor Chebyshev, Lead Security Researcher at Kaspersky in a statement on Thursday, said “…If a device is infected, it is highly likely that the Trojan will have the ability to record the device microphone and camera – enabling attackers to eavesdrop on any conversations, regardless of the communication channel used, be it an instant messenger or a regular call on a mobile phone,”
In essence, an attackers can effortlessly join a call — if they are a member of the WhatsApp group.
Chebyshev added “All they have to do is wait until most of the participants have joined and then hope that they can participate unnoticed. The attacker also doesn’t need to sit and wait for the start of the call, as they connect at any time,”
It’s worth noting that the group administrator can keep track of who’s in the group and make sure that no outsiders can join the WhatsApp group. WhatsApp also claims that the feature is protected by end-to-end encryption.
Chebyshev further said “Thus, neither the app itself nor the people trying to organize a man-in-the-middle attack, will be able to intercept either group correspondence or calls, including group calls,”