WhatsApp has unveiled new security features designed to better protect users against account takeover attacks. The new “Device Verification” feature automatically blocks attackers attempting to hijack accounts by using authentication keys stolen from infected mobile devices or unofficial clients.
It does this through back-end checks, including a security token stored on the device, a nonce, and an authentication challenge that pings the user’s device. The feature is already available to Android users and is being rolled out worldwide to iOS users.
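The following is an added illustration, not WhatsApp's code or protocol: a simplified Python model of why a stolen authentication key alone fails a check built from a device-held token, a nonce and a challenge. The `Server` class, the `answer` helper and the HMAC construction are assumptions made for the example; the article does not say how the three elements are combined.

```python
import hashlib
import hmac
import secrets


class Server:
    """Toy back end for one account with one registered device (hypothetical)."""

    def __init__(self, auth_key: bytes, device_token: bytes):
        self.auth_key = auth_key          # long-lived key, the kind malware steals
        self.device_token = device_token  # security token held only by the real device
        self.pending = {}                 # nonce -> outstanding challenge

    def connect(self, auth_key: bytes):
        """Issue a fresh nonce and challenge if the account key is correct."""
        if not hmac.compare_digest(auth_key, self.auth_key):
            return None
        nonce, challenge = secrets.token_bytes(16), secrets.token_bytes(16)
        self.pending[nonce] = challenge
        return nonce, challenge

    def verify(self, nonce: bytes, response: bytes) -> bool:
        """Accept only a response keyed with the device token; each nonce is single use."""
        challenge = self.pending.pop(nonce, None)
        if challenge is None:
            return False  # unknown or already-used nonce: replay is rejected
        expected = answer(self.device_token, nonce, challenge)
        return hmac.compare_digest(expected, response)


def answer(token: bytes, nonce: bytes, challenge: bytes) -> bytes:
    """Client-side proof of possession of the device token (assumed construction)."""
    return hmac.new(token, nonce + challenge, hashlib.sha256).digest()


def demo() -> dict:
    auth_key, token = secrets.token_bytes(32), secrets.token_bytes(32)
    server = Server(auth_key, token)
    # Genuine device: holds both the account key and the device token.
    nonce, challenge = server.connect(auth_key)
    proof = answer(token, nonce, challenge)
    genuine = server.verify(nonce, proof)
    replayed = server.verify(nonce, proof)  # same proof sent a second time
    # Second client: has the stolen account key but not the device token.
    nonce2, challenge2 = server.connect(auth_key)
    guess = answer(secrets.token_bytes(32), nonce2, challenge2)
    return {"genuine": genuine, "replay": replayed,
            "stolen_key_only": server.verify(nonce2, guess)}


if __name__ == "__main__":
    print(demo())
```
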
WhatsApp has also introduced two other security features: “Account Protect” and “Automatic Security Codes.” Account Protect acts as an extra security check when users link their accounts to new devices, alerting them to unauthorized account transfer attempts.
Automatic Security Codes uses key transparency and the Auditable Key Directory to allow WhatsApp clients to automatically validate user encryption keys, enabling users to verify that their personal conversations are secure.
WhatsApp first introduced end-to-end encryption in April 2016 and has since rolled out encrypted chat backups and default disappearing messages. Its parent company, Meta, says the platform is used by over two billion people in more than 180 countries.
WhatsApp’s new security features aim to prevent one of the most significant threats to users’ privacy and security: mobile device malware that can use WhatsApp to send unwanted messages.
The new features provide better protection for users whose devices are compromised, allowing them to continue using WhatsApp uninterrupted.