More than a billion people already use WhatsApp messenger. With such a huge reach, it is not surprising that people are interested in the security of the program. How easy can attackers get too personal correspondence? How to protect yourself from such curious people? In this article, we will talk about this.
HOW TO PROTECT WHATSAPP?
The messenger, being launched on a smartphone, works on it constantly, in the background. At the same time, there are no ways to password-protect the login in it. This means that if your smartphone in an unlocked state fell into the wrong hands, then all yours are now available to the thief. The creators of WhatsApp rely on the fact that users are able to block their gadgets using Android or iOS. Therefore, the answer to the question “How to protect my WhatsApp from viewing” is this: the first thing to do is to set a reliable screen lock.
TWO-STEP VERIFICATION
Many have heard about this feature, and believe that it was just invented to increase privacy and protect correspondence from prying eyes. This is not entirely true.
The two-step test is designed to verify a new device. You can enable this feature in your WhatsApp settings, and you will be prompted to come up with a six-digit secret PIN. There will be no more changes. The application will continue to run in the background and appear on the screen without any passwords. You will encounter a two-step check when you decide to change your gadget.
For example, you bought a new smartphone and transferred WhatsApp to it. The first time you start and try to enter your account (with the old phone number ), the messenger will ask you to enter the PIN. The logic here is simple: if someone got access to your smartphone and downloaded everything from there, then he will not be able to launch WhatsApp on his device, because he does not know the code.
Thus, if you use the same smartphone, this function will not help you very much to protect your information, but it will help a lot if it is stolen from you.
DISPLAYING MESSAGES FROM WHATSAPP IN THE BROWSER
The messenger has an online version. This is a website located at web.whatsapp.com. This WhatsApp can be run in any browser, both on mobile gadgets and on a stationary computer. Working in front of a large screen, on a large keyboard, is really more convenient than poking your finger into a small screen of a gadget.
When you go to the website of the web version, you will see a QR code on the monitor screen. You have to scan it from your mobile version of WhatsApp that runs on your smartphone. After successful recognition of the code, the computer will show the actual messenger itself. And these two versions (stationary and mobile) will be synchronized with each other – all messages that you send or receive will be simultaneously displayed both on the gadget and on the monitor.
This is precisely the danger. If you lose your vigilance and your unlocked smartphone ends up in the wrong hands, then the attacker can immediately launch the web version of the messenger on his laptop (or even smartphone!) And scan the QR code on the screen with your phone. This takes less than a minute. But now all your correspondence will be synchronized with the web version of WhatsApp running on the hacker’s device.
True, in Vatsap itself there is a function for monitoring such connections. There is a WhatsApp Web / Desktop section in Settings where you can see everything. You only need to tap on the item “Log out on all computers”, and all sessions will be forcibly terminated. Don’t forget about it.
PROTECTION THROUGH SETTINGS
As already mentioned, there are practically no functions in the WhatsApp settings to protect the correspondence from the curious. But you can still do something. For example, you can customize who sees your online status. Some users will not be able to understand whether you are online now or not. You can also hide the time of the last access to the network. The most useful feature is to disable read messages. Your subscribers will not know if you saw their messages or not.
LOST SMARTPHONE LOCK
Everyone knows about this, but it is worth reminding again: in case of loss of a smartphone, you should inform the mobile operator as soon as possible so that they block the SIM card. The kidnapper will no longer be able to make phone calls . But he can use Vatsap! Because the messenger works over a Wi-Fi network, and not through a telephone operator.
Therefore, we will repeat again: do not leave your phone unattended! Do not give it to unfamiliar people. Come up with a sophisticated screen lock. Do not connect to public Wi-Fi networks unless you are sure they are reliable. All these are the simplest rules of Internet hygiene, if you follow them, the likelihood of leaking your correspondence in WhatsApp will be close to zero.
WhatsApp (WhatsApp) is the most popular messenger today for free messaging between smartphone users. The program exists for various platforms: iOS, Android, Windows, Blackberry, and even the now-defunct Symbian. The program was created in 2009 by Ian Kum and Brian Acton. In 2014, Facebook bought it for $ 19 billion. But this is, so to speak, prehistory. I will teach you how to read someone else’s correspondence in WhatsApp for free without downloading third-party programs, as well as registering and without SMS))) The method is based on social engineering and does not use any third-party and malicious software.
HACKING WHATSAPP
In March 2014, programmer Bas Boschert published instructions on how to hack WhatsApp correspondence. Its essence was that the program installed on the Android device stores a database with correspondence in open form, later the creators encrypted this data, but they were also easily decrypted. Given the popularity of this program, there is no doubt that there will be many people who want to access their accounts and read other people’s correspondence.
ADDENDUM REGARDING ENABLING ENCRYPTION IN WHATSAPP
In April 2016, Jan Kum announced that messages from all WhatsApp users, as well as group chats, were now encrypted using the “ end-to-end encryption ” method, ie. Users’ messages and voice calls cannot be intercepted by third parties (hackers, criminals, security forces, intelligence, etc.) This is certainly all great, but WhatsApp followed the Telegram path. I think the catalyst for this decision was the precedent with Apple, which was forced by the FBI to hack the iPhone of terrorists from San Bernardino.
The method of reading someone else’s correspondence , which is indicated on this page, is based on the method of social engineering and it does not matter here whether encryption is included in WhatsApp or not. Encryption protects against interception of messages, but not when there is direct access to the phone . Therefore, in order to protect your WhatsApp account from hacking, always set a password for it (to unlock it or to launch a specific application).
To enable encryption in WhatsApp anything special you do not need. Update your program to the latest version. In order for a conversation between two subscribers to be encrypted, both interlocutors must have the latest version of WhatsApp installed.
I wrote about encryption separately.
MY INSTRUCTIONS FOR HACKING WHATSAPP
This is not even a Whatsapp hack in its usual sense. Hacking involves the use of third-party programs, viruses, Trojans, etc. I’ll just teach you how to read someone else’s correspondence. For this, the developers themselves have released such a function as the web version. With certain settings, it can be used for your own selfish purposes. Access to the victim’s phone is required, at least for 30-60 seconds.
1. The first thing we need is to open our personal PC and go to the page https://web.whatsapp.com/ There must be a “stay logged in” bird.
2. The second is the phone, the correspondence from which you want to read. Open WhatsApp go to the menu and select the WhatsApp Web item. It is in this place that those same 30-60 seconds are needed, during which it is necessary to have time to scan the QR code on the computer screen with a smartphone camera. The code changes every minute, so there is little time to think.
Important! Access to the WhatsApp account, and therefore reading the correspondence, is possible only when the smartphone itself is connected to the Internet. If it is offline, there is no synchronization between the phone and the computer.
This information was written by me purely for information purposes. Take care of your phones or put a password on them, as I do.
To protect your Android smartphone from hacking, which is described above, I recommend installing. With it, you can put a password to launch any application, the same WhatsApp will not start until you enter the correct password.
HOW TO START A WHATSAPP WEB SESSION ON YOUR PHONE
Good news, comrades! Finally, it became possible to launch a WhatsApp Web session on your phone. If earlier, when you tried to open the code scan page in a mobile browser, you were automatically thrown into the application, now there is an opportunity to bypass this limitation. How?
Download an app called Whatscan for Whatsweb from PlayMarket or AppStore. Launch it, you will see the usual window for scanning the QR code. The application takes over the role of a browser on the computer. Having scanned this code from the “victim’s” phone, you can read her messages without being tied to the computer, ie. directly from the screen of your smartphone.
How well the application works, write in the reviews. So far, this is the only way to read another person’s WhatsApp correspondence from your phone.
HOW TO FIND OUT PASSWORDS FROM MAIL AND PAGES ON VK AND OK SOCIAL NETWORKS.
If you want to go even further and find out other people’s passwords from accounts on VKontakte, Odnoklassniki, mail, etc. look. The method is 100% working and tested. We read carefully, strictly follow the instructions. We ask questions ONLY after reading.
CHECKING CHANGES WITH GETCONTACT
The new GetContact app at the end of February is literally “. By installing a small program on your phone, you can search for information about unknown numbers from the general database, which is replenished by the same users as you. The original idea of the program is to fight spam. But if in analogs, users themselves mark this or that number as spam, but GetContact, without asking, pumps out the ENTIRE phone book into a common database that EVERYONE can see. Punching the number you see how it is recorded in the phone books of different people.
But what if a man is recorded under a woman’s name? Or is the woman recorded under the masculine? A reason to think. Learn how to remove yourself from the GetContact database.Buried deep in the settings is the function of displaying active sessions from desktops
For Facebook, the owner of WhatsApp, WhatsApp Web is just an option, but security experts see it as a threat. Through it, users can open the contents of all saved messages in a web browser, read any chat from there, and even send new messages.
However, this opportunity can become a trap: it is enough to leave an unlocked phone unlocked at the workplace for a short time so that an envious colleague can scan a special QR code on web.whatsapp.com with your device. To expose this kind of espionage, open WhatsApp and go to Settings. Here select the line “WhatsApp Web / Desktop”. You will see a list of active connections. By clicking on the line “Log out from all computers” you end all sessions.
To protect yourself from such peeping in the future, turn on a screen lock on your phone. After that, you can not be afraid that someone unnoticeably reads the QR-code on the computer with your device and will gain access to the correspondence.
Soomz (soomz.io) for about 600 rubles. offers a set of three covers per camera. With their help, you will secure your device.
In addition, malware can also interfere with your WhatsApp. For example, it allows criminals to secretly take pictures. Use the webcam cover for protection.
This way you can be sure that no manipulations have been carried out with the program and that it will not immediately start sending the contents of messages to web spyware.
CHECKING ENCRYPTION KEYS
When the encryption keys are changed, the WhatsApp user starts to sound the alarm.
End-to-end encryption is provided for WhatsApp correspondence. The keys needed for it are stored directly on the devices. With the help of them, WhatsApp encodes information and sends it to the recipient.
Experts, however, have figured out a method to bypass such encryption. They simply change the key on the recipient’s device so that they can read the message in a man-in-the-middle attack.
The messenger settings are to blame for the fact that the user has neither a rumor nor a spirit about it. Facebook prioritizes comfort over safety and does not advertise changes. However, it is possible to activate notifications about the change of the used key. She hides in the settings.
notification about the lack of encryption, the corresponding function must be enabled in the settings
To enable notifications, launch WhatsApp and go to Settings. From there open “Account | Safety”. Activate the option “Show security notifications”.
If the recipient’s key then changes, you will know. However, such a change does not necessarily indicate an attack.
It is likely that the recipient simply linked their new phone to their WhatsApp account . And in this case, the encryption code will be different. When in doubt, the easiest way is to ask the other person what happened.
Encryption for all users
WhatsApp, a subsidiary of Facebook, has enabled end-to-end encryption of messages for all users of its messenger, Wired reported. Encryption applies to any data, be it text messages, images, video, audio or voice calls – and it works, including in group chats.
WhatsApp is the most popular messenger in the world, which introduced end-to-end encryption. The messenger Telegram Pavel Durov this feature was present initially. Telegram has an active audience of about 100 million users, while WhatsApp has about 1 billion. The only messaging service in which the number of users exceeds 1 billion is Facebook, which has an audience of 1.5 billion people.
End-to-end encryption
End-to-end encryption means that the message is encrypted all the way from sender to receiver. The key, with which the message can be decrypted, is only with the addressee. WhatsApp does not own it, that is, it will not be able to transfer it to the authorities, even if they insist on it.
Phased introduction of technology
Encryption in WhatsApp came in stages. In 2014, the company equipped its Android app with end-to-end encryption. Thus, since 2014, users have already exchanged encrypted messages, but only within the same platform.
End-to-end encryption is now available to all WhatsApp users
Now it has become available to owners of devices running iOS, Windows Phone, Nokia S40, Nokia S60, BlackBerry OS and BlackBerry 10. To take advantage of the new feature, you need to install the latest version of the WhatsApp application.
Authentication
WhatsApp users who have installed the latest version of the client will have access to the option to authenticate the interlocutor. To do this, you will need to compare the digital code on your screen and the code on the interlocutor’s screen or let the interlocutor use the camera on the mobile device to read the QR code from the screen of the user initiating the connection. After that, a note will appear in the chat that the connection is fully encrypted.
WhatsApp has become the largest messenger with end-to-end encryption
Protocol used
WhatsApp’s partner in implementing the new feature was Open Whisper Systems, the developer of the Signal mobile app, Edward Snowden’s favorite messenger, who in 2013 handed over to journalists a large number of classified documents revealing the often illegal activities of the US National Security Agency, in which he worked as a system administrator.
Encryption in Signal – and now in WhatsApp – is based on the Signal Protocol. It is an open source asynchronous protocol. It, in turn, was created based on the Off-the-Record (OTR) Messaging Protocol. One of the key properties of OTR – and, as a consequence, Signal Protocol, is the so-called “forward secrecy”, which is also called “perfect forward secrecy” (perfect forward secrecy).
Unlike the popular email encryption protocol PGP, for example, in which messages are encrypted over and over with the same public key, forward secrecy uses new keys for each session. Therefore, if someone records encrypted traffic for years in the hope of decoding it one day, in the case of forwarding secrecy, they are doomed to fail.
Open Whisper Systems is the developer of the Signal messenger and the secure communication protocol of the same name, which is also used in WhatsApp. In her blog, the presence of a vulnerability in WhatsApp and explained the recent, a feature of the implementation of the Signal protocol, namely the mechanism for authenticating the participants in the correspondence.
WhatsApp, like all Signal-based systems, uses asymmetric encryption (public and private key ) to protect communications. This encryption works as follows:
- A public and private key is generated on your device. Using the public key, it is possible to encrypt a message, but only the owner of the private key can decrypt the message.
- Your public key is distributed through the WhatApp server to all your contacts, in the same way, you receive the public keys of all your contacts. The private key remains only on your device.
- Thus, the person with whom you are communicating encrypts the message intended for you with your public key, only you can decrypt it, because the private key is only on your device.
MAN-IN-THE-MIDLE ATTACK
- When using End-To-End encryption, it is important to make sure that your contacts have the correct public keys (received from you), otherwise no one prevents the attacker from introducing himself as you, providing your interlocutor with his public key, receiving messages intended for you and forwarding them using your public key. This attack is called man-in-the-midle.
- To exclude the possibility of such an attack against you, you need to make sure that the contact with whom you are texting uses your public key to encrypt messages, and you, in turn, use your interlocutor’s public key.
HOW TO VERIFY WHATSAPP SECURITY KEYS
To perform such a check, WhatApp provides a mechanism for matching keys based on a QR code.
When meeting in person with your interlocutor, open his WhatsApp profile and select the Encryption section , to verify the public keys, scan the QR code of your interlocutor, and in the meantime he will scan yours. Unfortunately, this will have to be done with every contact.
HOW TO RECEIVE WHATSAPP SECURITY NOTIFICATIONS
To receive security notifications, in particular, that the secret code of your interlocutor has changed.
- Open WhatsApp and click on Settings .
- Click on Account and select Security .
- Here you can enable security notifications by selecting Show security notifications .
Now, if someone tries to change your public key or your interlocutor, you will receive a notification about this.
This is an excuse to stop communicating and reconcile the keys at a personal meeting, perhaps one of you changed your phone or they are trying to wiretap you.