Thankfully, WhatsApp is taking proactive measures to tackle this issue and bolster its security features. To enhance user account security, WhatsApp, which is owned by Meta, will introduce a set of new security tools that make it extremely challenging for cybercriminals to compromise accounts.
Account Protect: Currently, when switching to a new device, WhatsApp requires users to enter a one-time password (OTP) sent to their phone number for authentication. However, if two-step authentication is not activated, a cybercriminal could easily compromise a user's WhatsApp account using a SIM swap attack or by obtaining the OTP through other means. To prevent this, WhatsApp has introduced 'Account Protect', a security feature designed to thwart unauthorized access attempts.
Account Protect is a security check that WhatsApp may require when you switch your account to a new device. The check involves verifying the change on your old device, serving as an added layer of security to alert you to any unauthorized attempts to move your account to a different device. A screenshot of the alert is shown in the above image.
Device Verification: This feature verifies your account and protects you if your device is compromised. It helps prevent unauthorized use of your WhatsApp account to send unsolicited messages, and it thwarts malware attacks that exploit mobile devices without permission. With 'Device Verification', account takeover (ATO) attacks can be avoided. If an attacker tries to gain access to your account, Device Verification blocks their connection, so you can keep using your WhatsApp account without interruption.
Automatic Security Codes: WhatsApp has introduced an automatic cryptographic security feature that verifies secure connections based on key transparency. Unlike device verification, this feature does not require any additional actions or steps from users.
With this feature, verifying a secure connection between users and their intended message recipients becomes a simplified process. Until now, only the most cautious WhatsApp users had access to the security code verification feature to authenticate their conversation partner. However, the latest update aims to democratize secure messaging by automatically verifying the connection's security, without any intervention from users. Based on the "Key Transparency" process, this feature enables users to automatically validate that their conversations are secure, providing an extra layer of protection to safeguard their privacy.
Key Transparency: For a while now, WhatsApp has allowed users to verify that their chats are end-to-end encrypted by checking the security code. Unfortunately, this process is laborious: users must either scan a QR code and match its contents with the recipient's, or manually confirm that the 60-digit hash key is identical for both parties. The messaging service is streamlining this procedure with the introduction of 'Key Transparency'.
Previously, users had to manually verify that they were communicating with the correct recipient by going to the encryption tab within a contact's information. WhatsApp has now introduced Key Transparency, which allows for automatic verification of secure connections. With this new feature, users can simply click on the encryption tab and instantly verify that their private conversations are securely encrypted, without the need for manual verification.
WhatsApp is currently developing a new Auditable Key Directory based on an open-source library. This feature will allow users to automatically verify the authenticity of their encryption key, and will allow anyone to validate audit proofs of the directory's accuracy.
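Added example, not from the original article or from WhatsApp's library: a simplified Merkle-tree model of how a client can check automatically that the key it was handed for a contact is the one recorded in a published directory. The tree layout, hash prefixes, function names and sample entries are assumptions for illustration; the audit proofs mentioned above are not modeled.

```python
import hashlib
import hmac

EMPTY = hashlib.sha256(b"\x02").digest()  # padding leaf for unused slots

def leaf_hash(user_id: str, public_key: bytes) -> bytes:
    # Prefix 0x00 marks a leaf; the length field keeps id and key unambiguous.
    uid = user_id.encode()
    return hashlib.sha256(b"\x00" + len(uid).to_bytes(2, "big") + uid + public_key).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    # Prefix 0x01 marks an interior node, so a node can never pass as a leaf.
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(entries):
    """Server side: hash every (user_id, key) entry and build the tree, leaves first."""
    nodes = [leaf_hash(uid, key) for uid, key in entries]
    while len(nodes) & (len(nodes) - 1):  # pad to a power of two
        nodes.append(EMPTY)
    levels = [nodes]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def inclusion_proof(levels, index):
    """Server side: sibling hashes from leaf to root, with each sibling's side."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append((level[sibling], sibling > index))
        index //= 2
    return proof

def verify_inclusion(user_id, public_key, proof, root):
    """Client side: recompute the root from the key it was handed and compare."""
    h = leaf_hash(user_id, public_key)
    for sibling, sibling_is_right in proof:
        h = node_hash(h, sibling) if sibling_is_right else node_hash(sibling, h)
    return hmac.compare_digest(h, root)

def demo():
    # Constructed sample directory: fictitious numbers and placeholder key bytes.
    directory = [("+15550100", b"\x11" * 32), ("+15550101", b"\x22" * 32), ("+15550102", b"\x33" * 32)]
    levels = build_levels(directory)
    root = levels[-1][0]                  # the value published for everyone to audit
    proof = inclusion_proof(levels, 2)    # proof for the third contact
    genuine = verify_inclusion("+15550102", b"\x33" * 32, proof, root)
    swapped = verify_inclusion("+15550102", b"\x66" * 32, proof, root)  # substituted key
    return genuine, swapped

if __name__ == "__main__":
    print(demo())
```

The first result is the key actually recorded in the directory; the second is a different key presented for the same contact, which no longer hashes up to the published root.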
"At WhatsApp, we believe that your messages should be as private and secure as an in-person conversation. Protecting your personal messages with default end-to-end encryption is the foundation of that security," the messaging app said in a statement. These features are expected to be rolled out to all WhatsApp users across the world in the coming months.
Aside from the newly introduced security features, WhatsApp provides users with additional security measures such as two-step verification and end-to-end encrypted backups that they can enable on their own. WhatsApp encourages users to spread the word about these security options to help more individuals safeguard their messaging privacy. The primary objective of these security features is to provide users with increased control over their messages and privacy. WhatsApp is committed to continually developing new tools that can further strengthen its platform's security.