WhatsApp update brings major new security feature to check app is legitimate
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.WhatsApp has launched a new feature, named “Code Verify”, intended to improve its security.
The tool consists of a browser extension that makes sure users are really running WhatsApp – and that the code has not been tampered with an attempt to hack or otherwise attack users.
WhatsApp said it had taken the decision to introduce the new tool because of a rise in the number of people using WhatsApp Web, which allows people to access their messages through their browser. That came after the company added multi-device capability last year, meaning that WhatsApp could connect with more than one computer at any one time.
Using WhatsApp on the web means that users can keep up with messages on their computer, type using their keyboard, and more. But it also offers a new opportunity for cyber criminals to try and break into the system.
That is because while WhatsApp is able to encrypt the messages as they are sent over its system, protecting them from being read, hackers could potentially read those messages by hacking into the WhatsApp Web code itself.
Unlike the mobile app version of WhatsApp, web apps are served up straight to users – meaning that the security can be weaker and people might not even know they are being tricked.
“For years, WhatsApp has protected the personal messages you send on WhatsApp Web with end-to-end encryption as they transit from sender to recipient,” WhatsApp wrote in its announcement. “But security conscious users need to be confident that when WhatsApp Web receives these encrypted messages, it is protected as well.”
Code Verify attempts to fix that. It is installed as a web browser extension and works with internet infrastructure company Cloudflare to check that the code being run is legitimate, and that users are not being hacked.
Once it is installed, it will automatically check that code and show the result in a traffic light system. Users will be told that they are validated and safe, that there are possible risks – or that there is a validation failure and something has gone wrong with the source code.
Links to download the extensions can be found on Facebook’s website. It is currently offered for Chrome and Edge, and a Firefox version is on its way.
“This is a major step forward in combatting the fast moving uptake in SMS phishing (smishing) often used to manipulate victims into thinking they are speaking to a familiar contact,” said Jake Moore, global cyber security advisor at ESET. “However, when the majority of WhatsApp users are mobile devices rather than using the browser version, it seems odd not to push this verification update onto mobile users too.
“It is possible to add two step verification on WhatsApp but it isn’t turned on by default. It can stop attackers attempting to hijack your account and claiming to be you to your contacts so it is vital that all users implement this security feature from within the Account settings ASAP. “
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments