WhatsApp today announced the introduction of several new security features, one of them called “Device Verification” and designed to provide better protection against account takeover (ATO) attacks.
Device verification prevents malware from using stolen authentication keys on infected mobile devices or via unofficial clients to impersonate accounts and use them to send fraudulent and phishing messages to people on the contact lists of targeted users.
It will automatically block attackers’ account takeover attempts via invisible back-end checks using three new parameters: a security token stored on the device, a nonce used to identify whether the client logs in to retrieve a message on WhatsApp servers, and an authentication challenge that will send an asynchronous ping to the user’s device.
“Mobile device malware is one of the biggest threats to people’s privacy and security today, as it can take advantage of your phone without your permission and use your WhatsApp to send unwanted messages,” WhatsApp said.
“To prevent this, we’ve added verifications to help authenticate your account – without any action on your part – and better protect you if your device is compromised. This allows you to continue using WhatsApp without interruption.”
This feature has already been rolled out to all WhatsApp for Android users and is currently also rolling out to iOS users globally.
WhatsApp announced two more security features designed to notify users when their accounts are moved to other devices and to automatically verify security codes to confirm secure server connections.
“Account Protect” will act as an additional double-check when WhatsApp accounts are linked to new devices and will alert you to unauthorized account transfer attempts.
“Automatic Security Codes” is a new cryptographic security feature that uses key transparency and the Verifiable Key Directory (AKD) to allow WhatsApp clients to automatically validate user encryption keys and check if end-to-end encryption is enabled.
“Our most security-conscious users have always been able to take advantage of our security code verification feature, which helps ensure you’re chatting with the intended recipient,” WhatsApp said.
“What this means for you is that when you click on the encryption tab, you can immediately verify that your personal conversation is secure.”
WhatsApp introduced end-to-end encryption 7 years ago, in April 2016, and deployed end-to-end encrypted chat backups on iOS and Android in October 2021 to block access to chat content, regardless of where it is stored.
Two months later, in December 2021, it expanded the platform’s privacy control features by adding messages that disappear by default to all new chats.
Meta, the parent company of WhatsApp, says the instant messaging and video calling platform is now used by more than two billion people in more than 180 countries.