• Thu. Oct 12th, 2023

WhatsApp Adds Gadget Verification to Avoid Account Takeover Attempts

Avatar photo

ByEsme Greene

Apr 28, 2023
WhatsApp Adds Gadget Verification to Avoid Account Takeover Attempts
Esme Greene
Latest posts by Esme Greene (see all)

On April 13th, WhatsApp released an updated secure authentication function that will prevent viruses from affecting users’ accounts while it’s active on their devices.

What’s actually the aim of this account verification feature?

The intention is to prevent attackers from using malware to hack target accounts and steal their WhatsApp cryptographic keys in order to spam or phish other contacts under the guise of those victims.

A cryptographic nonce to define whether a WhatsApp client is calling up the server to recover new messages, an authentication struggle that serves as an “invisible ping” from the server to a user’s phone, and a security token that is currently deployed on the device are all utilized to accomplish this.

To help the server spot potentially shady connections, the client must submit the security token each time it links to the server. Each time the client retrieves an offline notification from the server, the security token is changed.

When a client replies to an authentication request from a different phone, supposing a strange connection coming from a hacker, the authentication challenge is deemed to have failed. As a result, the link is obstructed.

The procedure is repeated “a few more times” in the absence of a client response, and if the client still doesn’t react after that, the contact will be closed.

Attaullah Baig and Archis Apte from Meta stated that these three factors “help avoid malware from gaining the authentication password and accessing the WhatsApp server from outside the owners’ device.”

According to WhatsApp, iOS users will soon be able to use Device Verification after it has been made available to all Android smartphones.

The functionality is a part of a bigger set of new features designed to verify and authenticate users’ identities, such as alerts that sound when a WhatsApp account is intended to be transferred from one device to another.

 
Avatar photo

Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.