WhatsApp, the popular instant messaging application, has recently introduced a new security feature known as “Device Verification” to prevent malware from affecting users’ accounts on their mobile devices.
According to a statement by the company, mobile device malware poses a significant threat to user privacy and security, as it can use the victim’s WhatsApp account to send spam and phishing links without their consent.
The Device Verification feature aims to prevent account takeover attacks by blocking unauthorized connections and allowing users to continue using the app without interruption. An authentication challenge that serves as an “invisible ping” from the server to the user’s device and a cryptographic nonce to determine whether WhatsApp clients contact the server for incoming messages are used to do this.
The security token, modified each time a client receives an offline message, must be sent whenever a client connects to the server. An authentication challenge is considered unsuccessful if the client responds from a different device, indicating a suspicious connection from an attacker. In such cases, the connection is blocked.
WhatsApp has already rolled out the Device Verification feature to all Android users and is deploying it to iOS users. It is a component of a larger set of enhancements designed to authenticate and verify users’ identities, such as displaying alerts when migrating an account from one device to another.
Another new feature introduced by WhatsApp is “Key Transparency,” which automatically confirms whether chats are end-to-end encrypted without requiring additional user action. This is achieved by implementing an Auditable Key Directory (AKD) based on existing protocols like CONIKS and SEEMless, which allows users to verify their conversation security by validating the encryption key’s authenticity.
WhatsApp’s Device Verification and Key Transparency features represent significant advancements in mobile device security, and users are encouraged to update their apps to take advantage of these features.