WhatsApp is a widely used cross-platform messaging application with over 2 billion active users across 180 countries. The app’s popularity can be attributed to its user-friendly interface, reliability, and the fact that it is one of the most secure messaging apps available. WhatsApp employs end-to-end encryption, which means that messages exchanged between users are only visible to the sender and the recipient, and WhatsApp itself cannot access the content of these messages.
Although end-to-end encryption offers a high level of security, it alone is insufficient to safeguard users against all potential threats. A significant concern is the risk of an account being stolen, which would give hackers access to all the encrypted messages and data on the account. To counter this, the WhatsApp team is constantly enhancing the app’s security measures to deter such incidents. For instance, they have added crucial security features like two-factor authentication, account verification, and other security updates to enhance the app’s overall robustness.
WhatsApp’s recent update includes additional security measures to prevent ATO (account takeover) attacks. One of the new features, called ‘Account Protect’, notifies users when their account is transferred to a different device. To complete the account switch, users must confirm it on their old device, making it harder for hackers to take over an account without the user’s knowledge.
Another new security feature in WhatsApp’s latest update is ‘Device Verification’, which serves the same purpose as ‘Account Protect’: preventing ATO attacks. Unlike ‘Account Protect’, it does not require user interaction and operates silently in the background to thwart ATO attempts via malware that can steal authentication keys. With stolen keys, hackers can impersonate victims and send malicious messages to other potential targets. To counter this, ‘Device Verification’ verifies that connection attempts to the WhatsApp server come from the user’s device by sending an authentication challenge that checks for a security token stored on the device. If an incorrect response is received, the connection is blocked.
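The challenge check described above can be sketched as follows. This is an added, simplified example and not WhatsApp's protocol or code: the use of HMAC-SHA256, the one-time nonce, and every class and function name are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Server:
    """Hypothetical server holding one security token per account."""

    def __init__(self):
        self._tokens = {}   # account -> token issued to the genuine device
        self._pending = {}  # account -> outstanding one-time challenge

    def enroll(self, account):
        token = secrets.token_bytes(32)
        self._tokens[account] = token
        return token  # kept on the user's device

    def challenge(self, account):
        nonce = secrets.token_bytes(16)
        self._pending[account] = nonce
        return nonce

    def verify(self, account, response):
        nonce = self._pending.pop(account, None)  # single use, so replays fail
        token = self._tokens.get(account)
        if nonce is None or token is None:
            return False  # no outstanding challenge: connection blocked
        expected = hmac.new(token, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def respond(token, nonce):
    """Device side: prove possession of the stored token for this challenge."""
    return hmac.new(token, nonce, hashlib.sha256).digest()


def demo():
    server = Server()
    device_token = server.enroll("alice")  # constructed sample account

    genuine = respond(device_token, server.challenge("alice"))
    ok = server.verify("alice", genuine)

    # A client that lacks the device's token cannot answer correctly.
    guess = respond(secrets.token_bytes(32), server.challenge("alice"))
    wrong = server.verify("alice", guess)

    # Replaying an earlier valid response against a fresh challenge also fails.
    server.challenge("alice")
    replay = server.verify("alice", genuine)
    return ok, wrong, replay
```

Calling `demo()` shows the genuine device being accepted while both the client without the token and the replayed response are blocked.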
The latest WhatsApp update also includes ‘Key Transparency’, which enables users to confirm that a chat is end-to-end encrypted by tapping the encryption tab. These new security features are currently being rolled out. However, if your device has yet to receive them, you can still secure your account by enabling two-factor authentication and encrypted backups in your app settings.
While WhatsApp’s end-to-end encryption is a significant advantage, it is not entirely infallible, and ATO attacks remain a concern. Introducing these new security features demonstrates WhatsApp’s dedication to safeguarding its users’ data and enhancing overall app security.