WhatsApp has just begun rolling a new joinable calls feature this week. This lets users join group calls even if the call has already started. While joinable calls certainly seem like a nice feature to have, not everyone is pleased by it. In fact, according to cybersecurity firm Kaspersky, joinable calls may be a new threat to users.
Victor Chebyshev, the lead security researcher at Kaspersky, points out the flaw in WhatsApp’s joinable calls feature. He claims that being able to join calls that are already underway mean that the risk of eavesdropping increases too. In fact, the simplest way to do so is to be a participant in a WhatsApp group, join a call mid-way and hope that the other group members don’t notice it. The eavesdropper won’t need to be there at the start of the call too, as joinable calls would let them eavesdrop any time.
Of course, it is perhaps worth pointing out that group members, especially the group admins, can take note and keep track of participants that are in a group call. Once they spot anyone in the call who shouldn’t be there, they can simply end the call before any more information gets given away.
WhatsApp itself also has end-to-end encryption, allowing for the privacy of data exchange in the group. This way, neither the app or any bad actors can intercept group messages or calls, even joinable group calls. Right now, most malicious software try to intercept archived WhatsApp messages and chatlogs, and Chebyshev hasn’t seen any that target calls just yet. That being said, a smartphone with a Trojan virus will probably have access to the microphone and camera, meaning attackers can eavesdrop in on conversations anyway.
It’s imperative that WhatsApp users continue to make sure that their security isn’t compromised. While the new joinable calls itself won’t lead to security issues, as Chebyshev mentions it is still another avenue for eavesdropping. If you find yourself using the new feature, remember to keep track of who’s going in and out of calls just to be safe.