WhatsApp Introduces New Security Feature to Combat Account Takeovers

Reading Time: ( Word Count: )

April 13, 2023
Nextdoorsec-course

WhatsApp, the popular instant messaging application, has recently introduced a new security feature known as “Device Verification” to prevent malware from affecting users’ accounts on their mobile devices. 

According to a statement by the company, mobile device malware poses a significant threat to user privacy and security, as it can use the victim’s WhatsApp account to send spam and phishing links without their consent.

The Device Verification feature aims to prevent account takeover attacks by blocking unauthorized connections and allowing users to continue using the app without interruption. An authentication challenge that serves as an “invisible ping” from the server to the user’s device and a cryptographic nonce to determine whether WhatsApp clients contact the server for incoming messages are used to do this.

Also, See; “Massive Balada Injector Malware Campaign Infects Over 1 Million WordPress Sites”

The security token, modified each time a client receives an offline message, must be sent whenever a client connects to the server. An authentication challenge is considered unsuccessful if the client responds from a different device, indicating a suspicious connection from an attacker. In such cases, the connection is blocked.

WhatsApp has already rolled out the Device Verification feature to all Android users and is deploying it to iOS users. It is a component of a larger set of enhancements designed to authenticate and verify users’ identities, such as displaying alerts when migrating an account from one device to another.

Another new feature introduced by WhatsApp is “Key Transparency,” which automatically confirms whether chats are end-to-end encrypted without requiring additional user action. This is achieved by implementing an Auditable Key Directory (AKD) based on existing protocols like CONIKS and SEEMless, which allows users to verify their conversation security by validating the encryption key’s authenticity.

WhatsApp’s Device Verification and Key Transparency features represent significant advancements in mobile device security, and users are encouraged to update their apps to take advantage of these features.

Saher Mahmood

Saher Mahmood

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.

Other interesting articles

Automated vs Manual Penetration Testing

Automated vs Manual Penetration Testing

Pentesting is largely divided into two methodologies: Automated vs Manual Penetration Testing. Both have ...
8 Steps in Penetration Testing You Should Know

8 Steps in Penetration Testing You Should Know

Mastering the art of penetration testing has become a critical ability for security experts to combat cyber ...
Spear Phishing vs Whaling: What is the Difference

Spear Phishing vs Whaling: What is the Difference

Spear phishing is a particularly devious type of phishing assault in which the individual targeted plays a ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *