In January 2020, the phone of Amazon owner Jeff Bezos was trapped when he unknowingly received at account of WhatsApp a malicious video. Then most of us thought about the security of our own phone and how easily we could become the target of an attack.
There are many tips that could be given as well as tools and techniques that could be used to protect the 2 billion WhatsApp users from cyber criminals.
The truth, however, is that if a malicious hacker sets out to achieve his goal, there is not much we can do other than try to protect ourselves as best we can; hoping that the perpetrators will eventually prefer to hit someone else. less protected target.
But according to him Jake Moore Security Specialist at ESET UK, in the case of WhatsApp, there is more we can do to protect our account and access third parties to our phone device while in the same space as us.
Moore's finding is based on the following: WhatsApp messages are already encrypted, but the encryption key is on both devices used in a conversation. So, if one has direct access to an unprotected mobile device, one can also access the other's WhatsApp account.
Moore verified this theory by doing an experiment. One day, while at the company's offices, he installed WhatsApp on an extra phone he had, and when he saw a colleague leave her seat to make coffee, leaving her phone unattended on her desk, Moore typed immediately her phone number to his new WhatsApp account. One appeared on the colleague's device message with the confirmation code. Moore sneaked past her desk, looked at the code, and then typed it into the verification field on his backup phone… And just like that, he gained control of his colleague's WhatsApp account.
That means he could if he wanted to see all her conversations on application but not her messages either. Then, Moore found a chat group called "The Hunz", to which he sent a message along the lines of "Hey there! I had an incredibly crappy day… please send me memes!” and of course received a series of cute responses from his colleague's unsuspecting friends.
When his colleague returned to her office with her latte, he did not know that at that time Moore was exchanging WhatsApp messages with her friends. It was a few minutes before she looked at her phone. "Strange," he said loudly, "for some reason I received a WhatsApp password." He hesitated for a while and then just deleted it.
Moore immediately informed his colleague of his experiment, logged out of her account and then instructed her on what she could do in the future to avoid such an attack.
According to ESET Security Specialist, here is what you can do to prevent such an attack
• First you should disable the preview of SMS messages. This may sound obvious, but many people want to read their messages quickly. Many, when using two-factor authentication (also known as two-factor authentication) without using a special authenticator app, receive the codes via SMS. If the preview of SMS messages is activated, then these codes are automatically displayed in the screen even if the device is locked. In such a case, if the user has left the device unattended, the messages can be read by a malicious third party in the same area.
• Second, you should never leave your mobile phone or other device unattended. Many people fall asleep while traveling on the train or plane with their phone next to them, or even go to the bathroom leaving the device in place.
We must remember that there are many suspicious people in the workplace and even if you trust your colleagues, there is always the risk that a third person who is in the same place as you will seize the opportunity to attack. So it is best to never leave your device unattended.
• Finally, there is an even better way to protect your account. WhatsApp application has a simple procedure for two-step verification.
◦ To activate the two-step authentication process, just log in to the application and follow the path Settings> Account> Two-Step verification and select Enable.
. You will then be asked to enter a six-digit code that you will need to remember in the future.
. Immediately after you will be asked to provide an email address to reset your account in case you forget your password.
Finally, you will receive a confirmation that the two-step identification process has been activated on your phone, making it much more difficult for someone to access your account or transfer messages to another device.
Δε χρειάζεται να usesτε τον κωδικό σας κάθε φορά που ανοίγετε την εφαρμογή. Αυτή η διαδικασία, όμως, θα σας βοηθήσει να απολαμβάνετε από εδώ και στο εξής την τεχνολογία με ασφάλεια.
