In January 2020, Amazon owner Jeff Bezos’ phone was compromised when he unknowingly received a malicious video on his WhatsApp account. That made most of us think about the security of our own phones and how easily we could be the target of an attack.
There are many tips, tools and techniques that could be used to protect the 2 billion WhatsApp users from cybercriminals. The truth is, though, that if a malicious hacker manages to hit his target, there’s not much we can do but try to protect ourselves as best we can, hoping that the perpetrators will end up hitting some other, less protected target.
However, according to Jake Moore, Security Specialist at ESET UK, in the case of WhatsApp there is more we can do to protect our account from being accessed by a third party who is in the same place as us and our phone.
Moore’s finding is based on the following: WhatsApp messages are already encrypted, but the encryption key is located on both devices used in a conversation. So, if someone has direct access to an unguarded mobile phone, they can also access its owner’s WhatsApp account.
Moore validated this theory by conducting an experiment. One day, while he was at the company’s offices, he installed WhatsApp on an extra phone he had. When he saw a colleague step away to make coffee, leaving her phone unattended in her office, Moore immediately typed her phone number into his new WhatsApp account. A message with the confirmation code appeared on the colleague’s device. Moore discreetly walked over to her office, looked at the code, and then typed it into the verification field on his backup phone. With that, he had taken control of his colleague’s WhatsApp account.
This means that he could, if he wanted to, see all her conversations in the application, but not her messages. Moore then spotted a chat group called “The Hunz”, to which he sent a message like “Hello! I had an incredibly bad day… please send me memes!” and of course he received a series of cute answers from his colleague’s unsuspecting friends.
When his colleague returned to her office with her latte, she did not know that at that moment Moore was exchanging messages on WhatsApp with her friends. A few minutes passed before she looked at her phone. “Strange,” she said out loud, “for some reason I got a password from WhatsApp.” She hesitated for a moment and then just deleted it.
Moore immediately informed his colleague of the experiment, disconnected from her account, and then walked her through what she could do in the future to avoid such an attack.
According to the ESET Security Specialist, here’s what you can do to avoid such an attack.
- First, disable the SMS preview. This may sound obvious, but many people want to read their messages quickly. Many people who use two-factor authentication without a dedicated authentication app receive their codes via SMS. If SMS previews are enabled, these codes will automatically appear on the screen even if the device is locked. In such a case, if the user has left the device unattended, the messages can be read by a malicious third party who is in the same place.
- Second, you should never leave your cell phone or other devices unattended. Many people sleep as they travel on the train or plane with their phone next to them, or even go to the bathroom leaving the device behind. We must remember that there are many suspicious people in the workplace, and even if you trust your colleagues, there is always the risk that a third person who is in the same place as you will seize the opportunity to attack. So it’s best to never leave your device unattended.
- Finally, there is an even better way to protect your account. The WhatsApp application has a simple process for two-step verification.
- To activate two-step verification, all you have to do is open the application, follow the path Settings > Account > Two-step verification and select Enable.
- You will then be asked to enter a six-digit code that you will need to remember in the future.
- Immediately afterward you will be asked to provide an email address to restore the account in case you forget your code.
- Finally, you will receive a confirmation that two-step verification has been activated on your phone, so it will be much more difficult for someone to access your account or transfer the messages to another device.
You do not need to enter your code every time you open the application. This process, however, will help you enjoy the technology safely from now on.