In January 2020, the phone of Amazon owner Jeff Bezos was trapped όταν έλαβε εν αγνοία του στο λογαριασμό του WhatsApp ένα κακόβουλο video. Then most of us thought about the security of our own phone and how easily we could become the target of an attack.
There are many tips that could be given as well as tools and techniques that could be used to protect the 2 billion WhatsApp users from cyber criminals.
The truth is, though, that if a malicious hacker gets his way, there's not much we can do except try to protect ourselves as much as possible. better we can… hoping that this way the attackers will eventually prefer to hit some other, less protected target.
But according to him Jake Moore Security Specialist at ESET UK, in the case of WhatsApp, there is more we can do to protect our account and access third parties to our phone device while in the same space as us.
Η διαπίστωση του Moore βασίζεται στο εξής: τα μηνύματα στο WhatsApp είναι μεν ήδη κρυπτογραφημένα, όμως το κλειδί κρυπτογράφησης βρίσκεται και στις two συσκευές που χρησιμοποιούνται σε μια συζήτηση. Οπότε, αν κάποιος έχει άμεση πρόσβαση σε μια αφύλακτη συσκευή κινητού τηλεφώνου μπορεί να αποκτήσει πρόσβαση και στο λογαριασμό του WhatsApp του άλλου.
Moore verified this theory by conducting an experiment. One day, while at the company's offices, she installed WhatsApp on an extra phone device she had, and when she saw a colleague leave her place to make coffee, leaving her phone device unattended in her office, Moore typed immediately her phone number to his new WhatsApp account. A confirmation code message appeared on the colleague's device. Moore discreetly walked through her office, looked at the password, then typed it into the verification field on his backup phone… and so simply gained control of his colleague's WhatsApp account.
This means that she could if she wanted to see all her conversations in the application but not her messages. Moore then spotted a chat group called "The Hunz," to which he sent a "Hello!" Message. I had an unbelievably bad day λώ please send me memes! ” and of course he received a number of cute responses from his colleague's unsuspecting friends.
When his colleague returned to her office with her latte, he did not know that at that time Moore was exchanging WhatsApp messages with her friends. It was a few minutes before she looked at her phone. "Strange," he said loudly, "for some reason I received a WhatsApp password." He hesitated for a while and then just deleted it.
Moore immediately informed his colleague of his experiment, logged out of her account and then instructed her on what she could do in the future to avoid such an attack.
According to ESET Security Specialist, here is what you can do to prevent such an attack
• Αρχικά θα πρέπει να απενεργοποιήσετε την προεπισκόπηση μηνυμάτων SMS. Αυτό μπορεί να ακούγεται προφανές, αλλά πολλοί άνθρωποι θέλουν να διαβάζουν τα μηνύματα τους γρήγορα. Πολλοί, όταν χρησιμοποιούν ταυτοποίηση δύο βημάτων (γνωστή και ως two-factor authentication) χωρίς τη χρήση μιας ειδικής εφαρμογής ταυτοποίησης (authenticator app), λαμβάνουν τους κωδικούς μέσω SMS. Aν είναι ενεργοποιημένη η προεπισκόπηση των μηνυμάτων SMS, τότε αυτοί οι κωδικοί εμφανίζονται αυτόματα στην screen ακόμα και αν η συσκευή είναι κλειδωμένη. Σε μια τέτοια περίπτωση, αν ο χρήστης έχει αφήσει τη συσκευή του αφύλακτη, τα μηνύματα μπορούν να διαβαστούν από κάποιον κακόβουλο τρίτο που βρίσκεται στον ίδιο χώρο.
• Second, you should never leave your mobile phone or other device unattended. Many people fall asleep while traveling on the train or plane with their phone next to them, or even go to the bathroom leaving the device in place.
We must remember that there are many suspicious people in the workplace and even if you trust your colleagues, there is always the risk that a third person who is in the same place as you will seize the opportunity to attack. So it is best to never leave your device unattended.
• Finally, there is an even better way to protect your account. WhatsApp application has a simple procedure for two-step verification.
◦ To activate the two-step authentication process, it is enough to enter the application and follow the path Settings (Settings) > Account (Account) > Two-Step verification and select Enable.
. You will then be asked to enter a six-digit code that you will need to remember in the future.
. Immediately after you will be asked to provide an email address to reset your account in case you forget your password.
Finally, you will receive a confirmation that the two-step identification process has been activated on your phone, making it much more difficult for someone to access your account or transfer messages to another device.
You do not need to use your password every time you open the application. This process, however, will help you to enjoy technology safely from now on.
