WhatsApp new features to prevent account theft here are all the details

althoughWhatsApp has introduced new security features: Device Verification, Account Protection, Automatic Security Codes. The aim is to ensure greater security of your account and confidentiality of the data exchanged in chat. Here’s what they are and how they work

Whatsapp’s new privacy features

Popular instant messaging app WhatsApp has introduced three new security features : called Device Verification , Account Protection and Automatic Security Codes , they will serve to strengthen the defense against account takeovers through malware .

“Mobile malware is one of the biggest threats to people’s privacy and security today, because it can exploit your phone without your permission and use your WhatsApp account to send unwanted messages,” the Meta-owned company said in the announcement introducing the new security features.

Table of Contents

Device Verification: What It Is and How It Works
How Account Protection Works on WhatsApp
What are Automatic Security Codes?
Device Verification: What It Is and How It Works
The main new feature introduced by WhatsApp to improve the security of the app is the Device Verification feature , designed to help prevent account takeover attacks (ATO) aimed at stealing credentials.

WEBINAR
[Webinar] Discover your role in the future of compliance. Join the webinar!

Identity & Access Management
Data protection

Read the privacy policy

The feature should be able to block a threat actor from accessing the device and thus prevent any malware from accessing data from other installed apps without the user’s authorization, stealing confidential information, and gaining control of the victims’ WhatsApp accounts, impersonating them and then distributing spam and malicious links to contacts in the address book.

The Device Verification feature is based on the use of three different security parameters:

a security token that is stored locally on the device on which WhatsApp is installed;
a nonce (number used once) , which is a numeric value used only once when connecting to the server and which allows you to identify whether a WhatsApp client is contacting the server to retrieve incoming messages;
an authentication challenge that acts as an “invisible ping” from the server to the user’s device.
As we know, to ensure the security of communications, WhatsApp uses end-to-end encryption which, thanks to an authentication key, allows each device to connect to the server and establish a reliable connection, without the user having to enter passwords, PINs or login credentials.

With the new security feature

every time the client connects to the server it will send the security token so that potentially suspicious connections coming from a device other than the one registered by the legitimate user who uses WhatsApp will be detected.

The same security token will also be updated every time an offline message is retrieved from the server.

If the authentication challenge detects suspicious activity from an attacker, the connection to the server is immediately blocked, effectively preventing account theft.

The use of this new security procedure should therefore prevent “malware from stealing the authentication key and connecting to the WhatsApp server from outside the user’s device,” reads the technical document published by researchers Attaullah Baig and Archis Apte of Meta (which, as we know, owns WhatsApp).

Additionally, the new Device Verification netherlands whatsapp number data feature activates automatically without requiring any user interaction and allows you to secure a device even if it has already been compromised.

The new Device Verification feature is now available for all Android users and is now rolling out to iOS users.

How Account Protection Works on WhatsApp

 

The second of three new security features introduced in WhatsApp is called Account Protection , which allows for a double check of beware of unrecognized hacking threats from within the office security when WhatsApp accounts are linked to new devices, warning users of unauthorized account transfer attempts.

In practice, as we know. WhatsApp allows you to transfer an account to a new device by inviting the user to follow a specific guided procedure.

The new feature adds an additional security check that will ask the user to confirm on the old device. Whether they actually want to transfer their in the first place account to another device. As the account would then be deactivate and delete from the old phone.

What are Automatic Security Codes?

WhatsApp’s latest new security feature dating data is call Automatic Security Codes. Which automates the security code verification process that. WhatsApp has long used to verify that the recipient of your messages is who they claim to be.

To simplify this verification, the new Automatic Security Codes feature uses the Key. Transparency feature and the open-source Auditable Key. Directory (AKD) library based on existing protocols like CONIKS and SEEMless to allow. WhatsApp although clients to automatically validate users’ cryptographic keys and verify whether end-to-end encryption is enable.

“Our security-conscious users have always had access to our security code verification feature. Which helps ensure you’re chatting with the intended recipient. WhatsApp said in a release announcing the new security feature. This means that when you click the encryption tab, you can instantly verify that your personal conversation is protect.”