WhatsApp update brings major new security feature to verify app is legit

WhatsApp has launched a new feature, called “Code Verify”, to improve its security.

The tool consists of a browser extension that ensures users are really running WhatsApp – and that the code hasn’t been tampered with by an attempted hack or other attack.

WhatsApp said it took the decision to introduce the new tool due to the increase in the number of people using WhatsApp Web, which allows people to access their messages through their browser. This came after the company added multi-device capability last year, which meant WhatsApp could connect to more than one computer at a time.

Using WhatsApp on the web means users can follow messages on their computer, type using their keyboard, and more. But it also provides a new opportunity for cybercriminals to try to break into the system.

Indeed, although WhatsApp is able to encrypt messages as they are sent on its system, protecting them from being read, hackers could potentially read these messages by hacking the web code of WhatsApp itself.

Unlike the mobile app version of WhatsApp, web apps are offered directly to users, which means security may be weaker and users may not even know they are being tricked.

“For years, WhatsApp has protected the personal messages you send on WhatsApp Web with end-to-end encryption as they travel from sender to recipient,” WhatsApp wrote in its announcement. “But security-conscious users should be sure that when WhatsApp Web receives these encrypted messages, it is also protected.”

Code Verify attempts to resolve this issue. It is installed as a web browser extension and works with internet infrastructure company Cloudflare to verify that the code being executed is legitimate and that users are not being hacked.

Once installed, it will automatically check for this code and display the result in a traffic light system. Users will be informed that they are validated and safe, that there are possible risks – or that there is a validation failure and something went wrong with the source code.

Links to download extensions can be found on facebook website. It’s currently offered for Chrome and Edge, and a Firefox version is on the way.

“This is a major step forward in combating the rapid adoption of SMS phishing (smishing) which is often used to manipulate victims into thinking they are talking to a familiar contact,” said Jake Moore, Global Cybersecurity Advisor at ESET. “However, when the majority of WhatsApp users are mobile rather than using the browser version, it seems strange not to push this verification update to mobile users as well.

“It is possible to add two-step verification to WhatsApp but it is not enabled by default. This can prevent attackers from trying to hijack your account and pretend to be you to your contacts. It is therefore essential that all users implement this security feature from account settings as soon as possible.”

About Donald J. Beadle

Check Also

New Profile Pic app: Does Russia collect personal data from Facebook users?

It’s a new internet craze that turns your Facebook profile picture into a painting or …