WhatsApp announced a new security measure called Device Verification which is designed to help prevent account takeover (ATO) attacks. ATO attacks happen when malware running on a user's mobile device takes advantage of the phone to steal authentication keys and hijack victim accounts. This new security measure will make it more difficult for attackers to take over accounts by introducing a security-token that's stored locally on the device. WhatsApp is one of the most popular instant messaging apps with over two billion users worldwide. The app is owned by Facebook and is a great way to stay in touch with friends and family. However, the app has been in the news recently for security concerns. In particular, there have been reports of malware that can take advantage of the app to steal authentication keys and hijack victim accounts. The new security measure, called Device Verification, is designed to help prevent these kinds of attacks. It works by introducing a security-token that's stored locally on the device. This security-token is used to identify if a WhatsApp client is contacting the server to retrieve incoming messages. If the security-token is not valid, the server will not allow the connection. This security measure will make it more difficult for attackers to take over accounts. However, it is important to remember that no security measure is 100% effective. There are always ways that determined attackers can find ways to circumvent security measures. That's why it's important to always be vigilant about the risks of using any kind of online service, including instant messaging apps.
top of page
bottom of page