In January 2020, the phone of Amazon owner Jeff Bezos was trapped when he unknowingly received a malicious video on his WhatsApp account. Then most of us thought about the security of our phone and how easily we could be the target of an attack.
There are many tips that could be given as well as tools and techniques that could be used to protect the 2 billion WhatsApp users from cyber criminals.
The truth, however, is that if a malicious hacker sets out to achieve his goal, there is not much we can do other than try to protect ourselves as best we can; hoping that the perpetrators will eventually prefer to hit someone else. less protected target.
But according to him Jake Moore Security Specialist at ESET UK, in the case of WhatsApp, there is something more we can do to protect our account and it involves access that a third party may have on our phone device while they are in the same space as us.
Moore's finding is based on the following: WhatsApp messages are already encrypted, but the encryption key is on both devices used in a conversation. So, if one has direct access to an unprotected mobile device, one can also access the other's WhatsApp account.
Moore verified this theory by conducting an experiment. One day, while at the company's offices, she installed WhatsApp on an extra phone device she had, and when she saw a colleague leave her place to make coffee, leaving her phone device unattended in her office, Moore typed immediately her phone number to his new WhatsApp account. A confirmation code message appeared on the colleague's device. Moore discreetly walked through her office, looked at the password, then typed it into the verification field on his backup phone… and so simply gained control of his colleague's WhatsApp account.
This means that she could if she wanted to see all her conversations in the application but not her messages. Moore then spotted a chat group called "The Hunz," to which he sent a "Hello!" Message. I had an unbelievably bad day λώ please send me memes! ” and of course he received a number of cute responses from his colleague's unsuspecting friends.
When his colleague returned to her office with her latte, he did not know that at that time Moore was exchanging WhatsApp messages with her friends. It was a few minutes before she looked at her phone. "Strange," he said loudly, "for some reason I received a WhatsApp password." He hesitated for a while and then just deleted it.
Moore immediately informed his colleague of his experiment, logged out of her account and then instructed her on what she could do in the future to avoid such an attack.
According to ESET Security Specialist, here is what you can do to prevent such an attack
• First you should disable the preview messages SMS. This may sound obvious, but many people want to read their messages quickly. Many, when using two-factor authentication (also known as two-factor authentication) without using a special authenticator app, receive the codes via SMS. If the preview of SMS messages is activated, then these codes are automatically displayed on the screen even if the device is locked. In such a case, if the user has left the device unattended, the messages can be read by a malicious third party in the same area.
• Second, you should never leave your cell phone or any other device unattended. Many people sleep while traveling on the train or the airplane having their phone next to them, or even going to the bathroom leaving the device in place.
We must remember that there are many suspicious people in the workplace and even if you trust your colleagues, there is always the risk that a third person who is in the same place as you will seize the opportunity to attack. So it is best to never leave your device unattended.
• Finally, there is an even better way to protect your account. WhatsApp application has a simple procedure for two-step verification.
◦ To activate the two-step authentication process, it is enough to enter the application and follow the path Settings (Settings) > Account (Account) > Two-Step verification and select Enable.
. You will then be asked to enter a six-digit code that you will need to remember in the future.
. Immediately after you will be asked to provide an email address to reset your account in case you forget your password.
Finally, you will receive a confirmation that the two-step identification process has been activated on your phone, making it much more difficult for someone to access your account or transfer messages to another device.
You don't need to use your password every time you open the app. This process, however, will help you enjoy it from now on technology with safety.
