- BlackBit and LokiLocker Ransomware Attacks are on the Rise in Russia - August 17, 2023
- How Can Phishing be Used to Make Governmental Services a “Profitable Business”? - August 16, 2023
- The Most Dangerous Hacker Tools and How to Detect Them - August 16, 2023
On April 13th, WhatsApp released an updated secure authentication function that will prevent viruses from affecting users’ accounts while it’s active on their devices.
What’s actually the aim of this account verification feature?
The intention is to prevent attackers from using malware to hack target accounts and steal their WhatsApp cryptographic keys in order to spam or phish other contacts under the guise of those victims.
A cryptographic nonce to define whether a WhatsApp client is calling up the server to recover new messages, an authentication struggle that serves as an “invisible ping” from the server to a user’s phone, and a security token that is currently deployed on the device are all utilized to accomplish this.
To help the server spot potentially shady connections, the client must submit the security token each time it links to the server. Each time the client retrieves an offline notification from the server, the security token is changed.
When a client replies to an authentication request from a different phone, supposing a strange connection coming from a hacker, the authentication challenge is deemed to have failed. As a result, the link is obstructed.
The procedure is repeated “a few more times” in the absence of a client response, and if the client still doesn’t react after that, the contact will be closed.
Attaullah Baig and Archis Apte from Meta stated that these three factors “help avoid malware from gaining the authentication password and accessing the WhatsApp server from outside the owners’ device.”
According to WhatsApp, iOS users will soon be able to use Device Verification after it has been made available to all Android smartphones.
The functionality is a part of a bigger set of new features designed to verify and authenticate users’ identities, such as alerts that sound when a WhatsApp account is intended to be transferred from one device to another.