END-TO-END IS THE ONLY WAY TO ENCRYPT
WhatsApp recently implemented full end-to-end encryption to protect users' content, as well as metadata such as identity and location. This is important. Not only can data not be decrypted by intercepting parties, but WhatsApp also cannot deliver any data to law enforcement, hackers, or any foreign state. This might sound like a flaw or some kind of aid to terrorist states, but it's actually by design. Jan Koum, WhatsApp's founder (and newest billionaire to reach position 62 on the Forbes list of the 400 richest Americans), was born and raised in Ukraine, so he is well aware of the privacy compromises faced by citizens living under a socialist republic. WhatsApp has adopted Apple's basic stance on security, which is a hands-off approach to user data. This keeps data secure, but that doesn't mean hackers haven't already begun to plot against users.
PHYSICAL ACCESS ALWAYS TRUMPS ENCRYPTION
Having end-to-end encryption will put many users at ease, but no security measure is 100%. One area of concern is the WhatsApp web interface. It is attractive to unscrupulous hackers looking to distribute their own download links, which deliver malware to unsuspecting clickers. As with phishing emails, it is important to verify that you are using a valid URL (http://web.whatsapp.com/) before clicking on a link. Since you do not need to download any browser extensions or apps, you can simply go to the correct page and sign in.
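
An added example, not part of the original article: a JavaScript check that applies the URL advice above by parsing a link the way a browser does and comparing its hostname to web.whatsapp.com. The sample links and their `.example` hosts are constructed, and the function and verdict names are assumptions made for this illustration.

```javascript
// Added example: classify links against the one hostname the article names.
const TRUSTED_HOST = "web.whatsapp.com"; // taken from the article's URL

// Constructed sample links; every non-WhatsApp host here is made up.
const SAMPLE_LINKS = [
  "https://web.whatsapp.com/",
  "http://web.whatsapp.com/",
  "https://web.whatsapp.com@downloads.example/", // real name sits in the userinfo part
  "https://web.whatsapp.com.login.example/",     // real name used as a subdomain prefix
  "https://web-whatsapp.example/",               // hyphen where the dot should be
  "https://web.wh\u0430tsapp.com/",              // Cyrillic U+0430 in place of Latin "a"
  "not a url",
];

function classifyLink(link) {
  let url;
  try {
    url = new URL(link); // WHATWG URL parser, the same rules a browser applies
  } catch {
    return "unparseable";
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return "unexpected-scheme";
  }
  // Anything before "@" is credentials, never the destination.
  if (url.username || url.password) return "userinfo-trick";
  // The parser lower-cases the host and converts non-ASCII labels to "xn--" form.
  const host = url.hostname.replace(/\.$/, "");
  if (host !== TRUSTED_HOST) {
    const hasIdnLabel = host.split(".").some((label) => label.startsWith("xn--"));
    return hasIdnLabel ? "lookalike-host-idn" : "untrusted-host";
  }
  // Exact host match: only the scheme is left to judge.
  return url.protocol === "https:" ? "trusted" : "trusted-host-plain-http";
}

function report(links = SAMPLE_LINKS) {
  return links.map((link) => ({ link, verdict: classifyLink(link) }));
}

for (const { link, verdict } of report()) {
  console.log(verdict.padEnd(24), link);
}
```

The comparison is an exact match on the parsed hostname; substring or prefix matching would accept the subdomain and userinfo variants in the sample list.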
SPYING ON WHATSAPP CONVERSATIONS
One surreptitious method used to listen in on WhatsApp conversations is called MAC spoofing. Every smartphone has a unique identifier called a MAC (Media Access Control) address, which is used to route messages. If a hacker temporarily assigns someone else's MAC address to their phone, they can intercept those WhatsApp messages. Since the address is only 12 characters in length and can easily be obtained if someone can get physical access to your phone, it's a fairly easy hack to perpetrate. Never give your phone to anyone you do not implicitly trust. Another way to intercept and spy on any encrypted WhatsApp communications is mSpy. mSpy is a 'monitoring tool' for smartphones and computers that sends reports on calls, text messages, browsing and WhatsApp conversations back to the owner of the app. All a hacker needs is physical access to your smartphone or computer for a few minutes to install this spy app. It's like having an automated service that takes screenshots of everything you do on your device, except you don't know about it and it's sending all that data to someone who does not have your best security and privacy interests in mind.
THE FUTURE OF WHATSAPP
WhatsApp has proven to be the most successful messaging app in the world. And with full encryption for one billion users now in place, the service is taking a step in the right direction. But we should always keep in mind that no messaging app is 100% secure. WhatsApp's parent company, Facebook, doesn't have the best reputation for transparent and secure user data policies, so they have their work cut out for them. Is this simply a hollow gesture at security or a marketing ploy on Facebook's part? In the world of hacks and data breaches, no news is usually good news, so we shall see.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Title image courtesy of ShutterStock