WhatsApp Introduces New Security Feature to Combat Account Takeovers

Reading Time: ( Word Count: )

April 13, 2023
Nextdoorsec-course

WhatsApp, the popular instant messaging application, has recently introduced a new security feature known as “Device Verification” to prevent malware from affecting users’ accounts on their mobile devices. 

According to a statement by the company, mobile device malware poses a significant threat to user privacy and security, as it can use the victim’s WhatsApp account to send spam and phishing links without their consent.

The Device Verification feature aims to prevent account takeover attacks by blocking unauthorized connections and allowing users to continue using the app without interruption. An authentication challenge that serves as an “invisible ping” from the server to the user’s device and a cryptographic nonce to determine whether WhatsApp clients contact the server for incoming messages are used to do this.

Also, See; “Massive Balada Injector Malware Campaign Infects Over 1 Million WordPress Sites”

The security token, modified each time a client receives an offline message, must be sent whenever a client connects to the server. An authentication challenge is considered unsuccessful if the client responds from a different device, indicating a suspicious connection from an attacker. In such cases, the connection is blocked.

WhatsApp has already rolled out the Device Verification feature to all Android users and is deploying it to iOS users. It is a component of a larger set of enhancements designed to authenticate and verify users’ identities, such as displaying alerts when migrating an account from one device to another.

Another new feature introduced by WhatsApp is “Key Transparency,” which automatically confirms whether chats are end-to-end encrypted without requiring additional user action. This is achieved by implementing an Auditable Key Directory (AKD) based on existing protocols like CONIKS and SEEMless, which allows users to verify their conversation security by validating the encryption key’s authenticity.

WhatsApp’s Device Verification and Key Transparency features represent significant advancements in mobile device security, and users are encouraged to update their apps to take advantage of these features.

Saher

Saher

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.

Other interesting articles

Revealing the Difference Between Phishing and Spam: Expert Insights

Revealing the Difference Between Phishing and Spam: Expert Insights

Have you ever received an unsolicited email and wondered if it was a harmless advertisement or a nefarious attempt ...
US and Japanese Authorities Sound Alarm on China’s ‘BlackTech’ Cyber Espionage Group

US and Japanese Authorities Sound Alarm on China’s ‘BlackTech’ Cyber Espionage Group

In a collaborative effort, US and Japanese law enforcement and cybersecurity entities have jointly raised an alert ...
Proven Strategies to Combat Phishing vs. Spear Phishing Threats

Proven Strategies to Combat Phishing vs. Spear Phishing Threats

Have you ever received a suspicious email urging you to click on a link? Or maybe one that's too good to be true? ...
New GPU Attack on the Horizon: A Deep Dive into GPU.zip Vulnerability

New GPU Attack on the Horizon: A Deep Dive into GPU.zip Vulnerability

Researchers from four renowned U.S. universities have unveiled a novel GPU side-channel attack. This method uses ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *