He WhatsApp account theft it is a practice that has gained strength in many countries Latin America, mainly in Mexico. Using a phone number cloning or call forwarding technique, criminals access the user account on another device and extort money from your contacts or extract sensitive information. Although there are protection mechanisms to avoid being a victim of this crime, the company announced that it will increase security measures.
WhatsApp confirmed that it will implement new mechanisms to protect the accounts of its users. The additional layers of security will be rolled out over the next few months, without the need for people to take any action. Among them are more robust validation when you activate your account on another device and a system to verify that your smartphone is not infected with malware.
The first one is focused on users looking to migrate their account to a new device. For prevent someone from stealing your WhatsApp account and activate it on another phone, the app will ask you to verify the change on your old device. The measure is similar to what we see in applications such as Telegram, where approval is requested from the mobile where the original app is installed.
WhatsApp will also activate a system that will check if your device has not been infected by malware. The measure seeks to combat account takeover attacks (ATO) that send messages without users knowledge or permission. The verification introduces parameters that prevent malware from stealing the authentication key and connecting to the WhatsApp server outside of the user’s device.
WhatsApp will also shield conversations
While WhatsApp has end-to-end encryption, the app also will facilitate the way we visualize if a conversation is safe. Users can currently verify that they are chatting with the correct recipient by accessing the encryption tab under contact information. The company knows that this process can be cumbersome, as it requires sharing a long code of up to 60 digits.
To improve verification, WhatsApp will use a new security feature based on a process called key transparency. It uses a new Auditable Key Directory (AKD) that automatically validates that a user’s encryption key is genuine. This means that if you access the verification of codes in the encryption tab, you will no longer have to follow the process, since it will happen automatically.
Key transparency could go unnoticed by the common user who does not care about security. The aunt of the Tweety images or the friend who shares memes from 10 years ago do not look at the encryption tab. However, security code verification is a feature found in the app and those interested will always be able to access it.
WhatsApp confirmed that these security mechanisms will be rolled out over the next few months. The verification that protects against malware has already been implemented for all Android users and is in the works on iOS. On the other hand, the technology that powers the key transparency feature is already in place and is independent of the operating system.