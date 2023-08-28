A young man writes a WhatsApp message on his mobile. Karl-Josef Hildenbrand (Picture alliance/Getty Images)

Who is left without WhatsApp today? If someone were to access an account on the popular messaging platform, they could draw a very precise profile of the person in question: photos, messages, audio, way of writing… Our whole life passes (and stops) at the notifications of this app . Knowing this, does our information travel safely on WhatsApp?

The first thing to do is understand what happens every time you press the “send” button in WhatsApp: communication is based on a client-server model, where messages are securely encrypted and transmitted to the servers of the platform before being redirected to the receiver. This end-to-end encryption approach ensures that only the recipient can decode and read the message, ensuring a high level of privacy and security.

It is possible that conversations can be eavesdropped, but very difficult. “It’s not impossible, but it does require a great effort,” explains Ángela G. Valdés, from the INCIBE (National Institute of Cybersecurity). “Usually, it will not be a type of attack coming from cybercrime networks, but from someone close to us who has a vested interest in our communications,” he adds.

In this sense, cybercriminals, aware of the platform’s shielding, opt for deception: they pose as someone in trouble who urgently needs a code that will reach the mobile owned by the WhatsApp account holder. This point is confirmed by Valdés: “The most frequent inquiries we receive regarding risks and fraud associated with WhatsApp are, on the one hand, the theft of accounts and, on the other, false messages alluding to being a family member or friend at risk. or trouble for which they need a certain amount of money sent to them”.

In these cases, of course, you do not have to click or respond to the aforementioned messages. “As a recommendation, it is important to be wary of any link or file sent to us by WhatsApp, messages, emails or other channels,” explains Luis Suárez, a sales engineer at fortinet. “You should always keep your phone and its applications up to date and not leave it physically unattended within the reach of third parties, who can take advantage of that time to install a RAT/spyware/stalkerware client.”

How to know if the WhatsApp account is compromised? As we have pointed out, thanks to end-to-end encryption, hacking a WhatsApp account is very complex. Criminals use more surreptitious tactics that raise a disturbing question for the user: is my WhatsApp account compromised and I didn’t know? “If what the attacker is looking for is to spy on the victim, he will try by all means to go unnoticed,” says Suárez, for which he will make changes to the settings. “The last hour of connection to WhatsApp or leaving the received and read marks (double blue tick) can make the victim suspicious, so the attacker will try to change these types of settings in the configuration to go more unnoticed,” Suarez develops.

To clear up doubts, this expert recommends “regularly reviewing active sessions on WhatsApp web and closing those that are not going to be used, especially on shared computers.” But there are more clues that can alert us to a WhatsApp account that has been compromised, such as excessive battery consumption when the device is not being used. Suárez suggests checking from time to time the battery consumption monitoring systems (on Android, Settings/Battery/Battery use; on iPhone, Settings/Battery) and see if the resource consumption of each application corresponds to the use real.

The first people interested in guaranteeing the security of use in front of the eyes of others are the service providers themselves: WhatsApp offers a service that allows a quick check of account privacy. In it, the user must verify that they have two-factor verification activated, the protection of the app through biometric systems, as well as additional recommendations on privacy.

What to do to protect yourself

As we have pointed out before, WhatsApp is a very secure platform, but it is not impregnable. However, the user can raise the bar of security to the highest level by following the tips below:

Keep the software always updated to the latest version: This is a recommendation that is repeatedly repeated by both developers and platforms. For what reason? The developers work tirelessly to patch possible weaknesses in the system and updated software will have “the version with the latest corrected vulnerabilities”, as recommended by Juan Manzano, from stratesys. This expert recalls two important vulnerabilities detected and solved in the platform, which “allowed attackers to execute code remotely using a function of the whastup component Video File Handler”. “One of them (CVE-2022-36934) during a manipulated video call and the other (CVE-2022-27492) through a malicious video file,” she specifies.

Avoid clicking links or sending codes: As is usual in cybersecurity, once the latest version of the platform is installed, the next protection barrier (and the most important) will be prudence and common sense. The maximum, in this sense, is never to click on links, unless you are certain of the authenticity of the sender. These malicious links are avoided with common sense, but if they are clicked inadvertently, there is still one last protection: malware detection systems. malware (malware). Manzano recommends installing an application antimalware “to protect the phone from malware and attacks, keeping it updated and in continuous protection so that it can detect these elements”. “In this way, if we mistakenly open a malicious element from WhatsApp, the system antimalware will have the opportunity to detect and block it,” he says.

Protect WhatsApp with a password and not leave your mobile: Friends of others are well aware of the weaknesses of the human being, and one of them is overconfidence: leaving the unlocked cell phone on the table in a bar while going to the bar for a drink can be the prelude to a drama of incalculable consequences. It is best to never lose sight of the phone and, in any case, always leave it locked when it is not being used. WhatsApp allows the app to be locked with a password, and even from the conversations within it, a security layer that will never be left over.

