In January 2020, the phone of Amazon owner Jeff Bezos was compromised when he unknowingly received a malicious video on his WhatsApp account. That was when most of us started thinking about the security of our own phones and how easily we could become the target of an attack.
There are many tips that could be given as well as tools and techniques that could be used to protect the 2 billion WhatsApp users from cyber criminals.
The truth, however, is that if a malicious hacker sets out to achieve his goal, there isn't much we can do about it, except try to protect ourselves as best we can… hoping that the perpetrators will then prefer to hit another, less protected target.
But according to Jake Moore, Security Specialist at ESET UK, in the case of WhatsApp there is something more we can do to protect our account, and it concerns the access a third party can have to our phone while it is in the same room as us.
Moore's finding is based on this: WhatsApp messages are already encrypted, but the encryption key is found on both devices used in a conversation. So if someone has direct access to an unguarded mobile phone, they can also gain access to the other person's WhatsApp account.
Moore verified this theory with an experiment. One day, while at the company's offices, he installed WhatsApp on an extra phone he had, and when he saw a colleague leave her seat to make coffee, leaving her phone unattended on her desk, Moore immediately typed her phone number into his new WhatsApp account. A message with a confirmation code appeared on the colleague's device. Moore sneaked past her desk, looked at the code, and then typed it into the verification field on his backup phone… And just like that, he gained control of his colleague's WhatsApp account.
This means that he could, if he wanted to, see all her conversations in the application, but not her messages. Moore then spotted a chat group called "The Hunz," to which he sent the message "Hello! I had an unbelievably bad day, please send me memes!" and of course he received a number of cute responses from his colleague's unsuspecting friends.
When his colleague returned to her office with her latte, she was unaware that at that time Moore was exchanging WhatsApp messages with her friends. A few minutes passed before she looked at her phone. "Strange," she said out loud, "for some reason I got a code from WhatsApp." She hesitated for a moment and then… she just deleted it.
Moore immediately informed his colleague of his experiment, logged out of her account and then instructed her on what she could do in the future to avoid such an attack.
According to the ESET Security Specialist, here is what you can do to prevent such an attack:
• First, you should disable the preview of SMS messages. This may sound obvious, but many people want to read their messages quickly. Many people who use two-step authentication (aka two-factor authentication) without a dedicated authenticator app receive the codes via SMS. If the preview of SMS messages is activated, these codes are automatically displayed on the screen even if the device is locked. In such a case, if the user has left the device unattended, the messages can be read by a malicious third party in the same area.
• Second, you should never leave your mobile phone or any other device unattended. Many people fall asleep while travelling by train or airplane with their phone next to them, or even go to the bathroom leaving the device in place.
We must remember that there are many suspicious people in the workplace and even if you trust your colleagues, there is always the risk that a third person who is in the same place as you will seize the opportunity to attack. So it is best to never leave your device unattended.
• Finally, there is an even better way to protect your account. The WhatsApp application has a simple procedure for two-step verification.
◦ To enable two-step verification, just open the application, follow the path Settings > Account > Two-Step verification and select Enable.
◦ You will then be asked to enter a six-digit code that you will need to remember in the future.
◦ Immediately afterwards, you will be asked to provide an email address to reset your account in case you forget your password.
Finally, you will receive a confirmation that two-step verification has been activated on your phone, making it much more difficult for someone to access your account or transfer messages to another device.
You do not need to use your password every time you open the application. This process, however, will help you to enjoy technology safely from now on.