whatsapp features: How WhatsApp’s new security feature ‘Device Verification’ protects your account from malware

[ad_1]

Instant messaging platform WhatsApp is continuously working on updates to protect your personal messages and data on the app. To make sure your personal messages with default end-to-end encryption is protected, WhatsApp recently rolled out a new update with security features that give you extra layers of privacy and more control over your messages.

The Meta-owned social networking platform rolled out a bunch of new features including Device Verification which is a new security feature that helps prevent attackers from using vectors like on-device malware. The Device Verification requires no action or additional steps from users to protect their account.

“One of the strongest tools at our disposal is end-to-end encryption – meaning that nobody, not even WhatsApp, can read personal messages sent between users. This protects messages from interception, however, we’ve increasingly seen attackers targeting the end points of communication – mobile devices themselves – and we are increasing our security mechanisms to keep user accounts safe,” WhatsApp said in a blogpost.

The tech company has built the feature to benefit from how users read and react to messages sent to their device. “When someone receives a message their WhatsApp client wakes up and retrieves the offline message from WhatsApp server,” WhatsApp said.

The Meta-owned platform claimed that this unique process cannot be impersonated by any malware that usually steals the authentication key and tries to send messages from outside the users’ device.

WhatsApp has introduced three new parameters with the new feature Device Verification:

  • A security-token that’s stored on the users’ device
  • A nonce that is used to identify if a client is connecting to retrieve a message from WhatsApp server
  • An authentication-challenge that is used to asynchronously ping the users` device

Do You Need Device Verification?
WhatsApp uses several cryptographic keys to make sure that your communications across the app are end-to-end encrypted and protected and one of these is the authentication key that allows WhatsApp client to connect to the WhatsApp server to re-establish a trusted connection.

“This authentication key allows people to use WhatsApp without having to enter a password, PIN, SMS code, or other credential every time they turn on the app,” WhatsApp explained.

While this mechanism is secure as no third party including WhatsApp can intercept the authentication key, however, if a device is infected with malware, the authentication key can be stolen.

Malware can use the authentication key to impersonate the user and send spam, scams, phishing attempts or more to others.

Device Verification by WhatsApp helps identify these scenarios and protect the user’s account without interruption.

Apart from this, WhatsApp has also introduced another crucial security feature that double checks if it’s really you when switching from one device to a new one. Account Protect asks you to verify if it’s really you on your older phone when you switch your WhatsApp account to a new device.

This feature can help alert you to an unauthorised attempt to move your account to another device.

[ad_2]

Source link


Leave a Reply

Your email address will not be published. Required fields are marked *