In January 2020, the phone of Amazon owner Jeff Bezos was compromised when he unknowingly received a malicious video in his WhatsApp account. Most of us then started thinking about the security of our own phones and how easily we could become the target of an attack.
There are many tips that could be given, as well as tools and techniques that could be used, to protect the 2 billion users of WhatsApp from cyber criminals.
The truth, however, is that if a malicious hacker sets out to achieve his goal, there is not much we can do other than try to protect ourselves as best we can, hoping that the perpetrators will eventually prefer to hit some other, less protected target.
But according to Jake Moore, Security Specialist at ESET UK, in the case of WhatsApp there is more we can do to protect our account, and it concerns the access that a third party can have to our phone while they are in the same space as us.
Moore's finding is based on the following: messages in WhatsApp are already encrypted, but the encryption key is found on both devices used in a conversation. So, if someone has direct access to an unattended mobile device, they can also access the other person's WhatsApp account.
Moore verified this theory by conducting an experiment. One day, while he was at the company's offices, he installed WhatsApp on an extra phone he had. When he saw a colleague leave her seat to make coffee, leaving her phone unattended in her office, Moore immediately typed her phone number into his new WhatsApp account. A message with the confirmation code appeared on the colleague's device. Moore discreetly walked through her office, looked at the code, then entered it in the verification field on his backup phone… And just like that, he gained control of his colleague's WhatsApp account.
This means that he could, if he wanted to, see all her conversations in the application, but not her messages. Moore then spotted a chat group called "The Hunz," to which he sent the message "Hello! I had an incredibly bad day… please send me memes!" and of course he received a series of cute responses from his colleague's unsuspecting friends.
When his colleague returned to her office with her latte, she did not know that at that moment Moore was texting with her friends on WhatsApp. It was a few minutes before she looked at her phone. "Strange," she said out loud, "for some reason I got a code from WhatsApp." She hesitated for a while and then just deleted it.
Moore immediately informed his colleague of the experiment he had done, logged out of her account and then instructed her on what she could do in the future to avoid such an attack.
According to the ESET Security Specialist, here's what you can do to prevent such an attack:
• First, you should deactivate the SMS message preview. This may sound obvious, but many people want to read their messages quickly. Many people who use two-factor authentication without a dedicated authenticator app receive the codes via SMS. If SMS preview is enabled, these codes are automatically displayed on the screen even if the device is locked. In such a case, if the user has left the device unattended, the messages can be read by a malicious third party in the same area.
• Second, you should never leave your mobile phone or other device unattended. Many people fall asleep while traveling on a train or plane with their phone next to them, or even go to the bathroom and leave the device behind.
We must remember that there are many suspicious people in the workplace, and even if you trust your colleagues, there is always the risk that a third person who is in the same place as you will seize the opportunity to attack. So it is best never to leave your device unattended.
• Finally, there is an even better way to protect your account. The WhatsApp application has a simple two-step verification procedure.
◦ To activate two-step verification, all you have to do is log in to the application, follow the path Settings > Account > Two-step verification and select Enable.
◦ You will then be asked to enter a six-digit code that you will need to remember in the future.
◦ Immediately afterwards, you will be asked to provide an email address for resetting your account in case you forget your password.
◦ Finally, you will receive a confirmation that two-step verification has been activated on your phone, making it much more difficult for someone to access your account or transfer messages to another device.
You do not need to use your password every time you open the application. This process, however, will help you enjoy technology safely from now on.