In the face of the increasingly numerous and sophisticated cyberattacks, WhatsApp has three new security features to prevent identity theft and ensure conversations stay private.
With over 2 billion users worldwide, WhatsApp is regularly targeted by cybercriminals, who attempt to use the notorious messaging service to steal users’ personal data, hack into their devices, or extort money from them. Right now, the so-called “six digit text messaging” scam, where a “friend” calls the victim to send the code they just received, is causing havoc (check out our article). One of the main threats comes from malware that takes over smartphones to send spam messages through victims’ accounts. Also, even though WhatsApp is end-to-end encrypted – which prevents hackers from seeing the content of messages, since only senders and recipients can read them – and double authentication limits account theft, Meta decided to beef up the security of its instant messaging system thanks to several functions that must be provided More privacy and more control over your messages.as announced in blog post. They will be published in the coming months and applied automatically.
WhatsApp Device Verification: Malware Protection
The first function, called Hardware Check, is intended to combat malware. In fact, with end-to-end encryption, no one – not even WhatsApp – can read messages sent between users. The latter are therefore protected against interception, but remain vulnerable if cybercriminals infect the endpoints of the connection, i.e. the mobile devices themselves. In this case, the hacker can steal the authentication key, thereby impersonating the victim to send spam, scams, or phishing messages to other potential victims.
That’s why Meta decided to add checks to authenticate the account and better protect the user if the device gets hacked. Device verification introduces three new settings for Prevent malware from stealing the authentication key and connecting to the WhatsApp server from outside the user’s device. : a security token stored on the user’s device, which is an arbitrary number that can only be used once – to determine if someone has logged in to retrieve a message from the WhatsApp server, and to challenge authentication in the event of a suspicious connection – an invisible PING sent by the WhatsApp server to the user’s device. Simply put, these various elements will make it possible to block hacking attempts automatically, without disturbing the user. WhatsApp has started rolling out device verification on Android and is expected to do the same on iOS soon.
WhatsApp Security: Functions to prevent identity theft
WhatsApp will also welcome two other new security features. The first, called Account Protect, alerts the user when IM accounts are linked to new devices. A window saying “Do you allow your WhatsApp account to be transferred to another phone?” With the time of the attempt and the recipient’s device displayed on the user’s device, in order to warn him in the event of an unauthorized attempt to use his account on another device. If the transfer is validated, the WhatsApp account will no longer be available on the old device.
The second feature, titled Automatic Security Codes, is “Encrypted security feature to automatically verify a secure connection based on key transparency”. This device is already available, but in a very impractical way. In fact, in the contact information, the user can verify that the conversation is secure by clicking on “Encrypt”, and then ask the contact to confirm the security code via a QR code. To make this process easier and more intuitive, Meta is rolling out a new security feature based on Key Transparency technology. By clicking on the “Encryption” tab, users can now instantly verify that their conversation is secure. This saves time!