Principal risks of using WhatsApp

On the occasion of the recent publication of the report on the principal risks of using WhatsApp, produced by the CCN-CERT (Information Security Incident Response Capacity of the National Cryptologic Center, CCN), we want to highlight the main security measures to keep in mind when using WhatsApp.

1. Avoid having our account stolen by spoofing our phone number.

Due to a severe vulnerability in GSM networks, particularly in the SS7 protocol used, among other things, for setting up and ending calls, it would be possible to hack a cell phone simply by knowing the phone number, by making the phone network believe that the attacker's device holds that number.

Since it is a failure of the GSM network and not of the application (it affects WhatsApp and most applications that use an SMS or a call as an identity verification method), it cannot be fixed directly. As an alternative, CCN-CERT recommends enabling the “Show security notifications” option.

  • We open the WhatsApp application and go to the settings.
  • In Settings, click Account > Security.
  • We turn on the “Show security notifications” toggle.

Each chat started has a unique security code that secures that chat’s communication and encrypts calls and messages from end to end.

This security code can change because a contact reinstalls the application, changes their phone, or has been the victim of an attack.

2. Prevent them from seeing our messages even if we delete them.

If we delete a message, conversation, or group, it doesn’t disappear. It is marked as free space and can be overwritten by another conversation in the future, but in the meantime it is still on our phone.

The only solution to securely delete a message or conversation that we have deleted is to uninstall and reinstall the application. We must keep in mind that any existing backup copies will not be deleted during this operation.

3. Avoid the use of public Wi-Fi networks.

When connecting to the WhatsApp application servers, sensitive information about the user is exchanged in plain text, e.g.:

  • Phone operating system.
  • WhatsApp version.
  • Phone number.

Therefore, as far as possible, we should avoid using the application on public Wi-Fi networks. If we are forced to use them, it is advisable to use a VPN connection.

4. Prevent account theft through physical access.

If an attacker has physical access to the phone, they can emulate a terminal and steal our account through SMS verification or call verification.

  • In the case of SMS verification: if an attacker gets hold of our phone and the SMS preview is active on the lock screen, they can read the activation message and transfer the account to another terminal.
  • When verifying by call: it’s more complicated, because we can’t require an unlock pattern to answer calls. The only thing we can do is collect the numbers used by the application to make confirmation calls and block them on the terminal.

WhatsApp stores the application’s database locally on the phone, so depending on the version, if a user can access it, some tools allow decryption of the data and, therefore, access to all the information.

Impersonation using WhatsApp Web

WhatsApp Web allows us to use the messaging application from any computer through the browser. To activate it, we open the WhatsApp Web page and scan the QR code that appears on the screen with our terminal.

Attackers use fake promotions or product discounts to trick the victim into scanning a QR code and then take advantage of it directly. What the attacker is really doing is stealing credentials.

Facebook and WhatsApp

When Facebook acquired WhatsApp in 2014, the creators of the application pledged that they would continue to operate independently from Facebook, stating in an official blog post that “respect for your privacy is encoded in our DNA and we built WhatsApp around that goal: to learn as little as possible about you.”

This policy was followed until August 2016. With a new update of the application, if the user gives their consent, their data will be transferred to Facebook and Mark Zuckerberg’s other companies for “various activities.”

Finally, we leave you some security recommendations for mobile terminals.

  • Always keep the phone locked, to prevent access to our information if the phone falls into someone else’s hands. Also, disable message previews.
  • Be careful with the permissions applications ask for. For example, a camera app doesn’t need permission to use the phone.
  • Know the risks of “rooting” or “jailbreaking” the terminal, as this can seriously compromise your security.
  • Disable connections we are not using (Wi-Fi, Bluetooth, etc.).


Published by
Tech Dirt Blog
