On the occasion of the recent publication of the report on the principal risks of using WhatsApp, carried out by the CCN-CERT (Information Security Incident Response Capacity of the National Cryptologic Center, CCN), we wanted to highlight the main security measures in place record with this WhatsApp.
Due to a severe vulnerability in GSM networks, particularly in the SS7 protocol used, among other things, for making and ending calls, it would be possible to hack a cell phone simply by knowing the phone number, causing the phone network to believe that’s the number.
Since it is a GSM network failure and not the application (it affects WhatsApp and most applications that have an SMS or a call as an identity verification method), it is not possible to explain it directly. Alternatively, CCN-CERT recommends enabling the “Show security notifications” option.
Each chat started has a unique security code that secures that chat’s communication and encrypts calls and messages from end to end.
This security code can change because a contact reinstalls the application, changes their phone, or has been the victim of an attack.
If we delete a message, conversation, or group. It doesn’t disappear but is marked as free and can be overwritten by another discussion in the future, but in the meantime, it’s still on our phone.
The only solution to securely delete a message or conversation that we have deleted is to uninstall and reinstall the application. We must keep in mind that any existing backup copies will not be deleted during this operation.
When connecting to the WhatsApp application servers, sensitive information about the user is exchanged in plain text, e.g., e.g.:
Therefore, to use the application as much as possible, we must avoid using public Wi-Fi networks. If we are force to use them, it is advisable to use a VPN connection.
If an attacker has physical contact with the phone, they can emulate a terminal and steal our account through SMS verification or call verification.
WhatsApp stores the application’s database locally on the phone, so depending on the version, if a user can access it, some tools allow decryption of the data and, therefore, access to all the information.
WhatsApp Web allows us to use the messaging application from any computer through the browser. You must enter this link and scan the QR code that appears on the screen with our terminal to activate it.
Attackers use fake promotions or discounts on products to trick the victim into scanning a QR code and directly trick them into taking advantage. What this attacker is doing is stealing credentials.
When Facebook acquired WhatsApp in 2014, the creators of the application pledge that they would continue to operate independently from Facebook, stating in an official blog post that “respect for your privacy is encoding in our DNA and we built WhatsApp around that goal, so.” learn as little as possible about you.
This policy was follow until August 2016. With a new update of the application, if the user gives their consent. Their data will be transfer to Facebook and Mark Zuckerberg’s other companies for “various activities.”
Lotteries are not something new in India. The Indian government itself has many lotteries being… Read More