Finding yourself with a hacked WhatsApp account can be a serious problem, especially when the messaging app is used for work: criminal hackers would have easy access to a large amount of data and confidential information. Here is a practical guide to securing your conversations.
26 Nov 2019
Emanuele Marsano, IT Security Consultant
It is not so unlikely to find yourself with a hacked WhatsApp account: the messaging app's success and enormous popularity expose it to a series of risks of various kinds, in part similar to those already analyzed for Facebook and Twitter. Among these, the most dangerous is undoubtedly the interest the app arouses in hackers and curious people of all kinds who want to spy on other people's conversations.
How can we protect ourselves from spies and criminal hackers? What security measures should we take to protect our privacy? These are just a few examples of the questions users ask me daily about using WhatsApp.
Protected with end-to-end encryption
To prevent and combat this type of threat, Zuckerberg's company introduced in 2016 a protection system called “end-to-end encryption”. This system prevents malicious people from reading messages exchanged between users because, even if intercepted, the messages would be incomprehensible; only the interlocutors can read what is sent.
It is as if the messages were protected with a padlock, and only the sender and recipient have the “special” key needed to unlock and read them. WhatsApp calls are also end-to-end encrypted.
All this happens automatically, without the need to activate any settings.
The end-to-end encryption system is foolproof against interception of messages and calls, but it can be circumvented in other ways. An attacker can, for example, take possession of our mobile phone and thus have free access to all our chats, or clone the WhatsApp application and/or exploit possible flaws in the system.
Let's look, then, at some tips and practical instructions for increasing the level of protection of our conversations, remembering that one security measure does not exclude the others; rather, each of them protects us from certain threats and not from others.
WhatsApp account hacked? Let's update the app
All applications (or software) on the market are developed for their functionality and immediately tested to check their security. Often, however, whether because of time pressure tied to the market launch or because developers are human and can make mistakes, security flaws slip through. These are later discovered by IT security experts (specialists who work to secure corporate IT systems and products, both before and after launch), by users while using an app, or, even worse, by criminals looking for errors in the code, the so-called bugs (a gateway into the application).
Many important companies, such as Zuckerberg's, rely on a team of IT security experts who develop updates (patches, in IT jargon) that "plug" the identified flaw. For this reason it is extremely important to apply all released security updates regularly. Let's find out how.
Update Android apps manually
- We open the Google Play Store app;
- Touch the Menu icon (the one with the three horizontal lines at the top left) and choose My apps and games;
- Apps that require an update are marked with an Update label.
- We touch Update.
Update Android apps automatically
- We open the Google Play Store app;
- Touch the Menu icon (the one with the three horizontal lines at the top left) and choose Settings;
- We touch Automatic app update;
Update apps on devices with iOS 12 or earlier versions manually
- Let's open the App Store;
- We touch Updates at the bottom of the screen;
- Apps that require an update are marked with an Update label.
- We touch Update to update a single app, or Update All at the top right.
Update apps on iOS 13 devices
- Let's open the App Store;
- Touch the icon at the top right (the user's avatar), which shows a number when updates are available;
- At the bottom, in the Available Updates section, the apps that require an update are marked with an Update label;
- We touch Update to update a single app, or Update All at the top.
Automatically update apps on iOS devices
- We open Settings by touching its icon;
- We scroll down and touch iTunes Store and App Store;
- Then we activate Updates.
The advice, as trivial as it may seem, is to use only official apps, as other versions may not be safe or may have been created and modified by criminal hackers to steal personal data.
Hacked WhatsApp account: let's defend ourselves with double authentication
By cloning a user's SIM and/or using other tricks, it is possible to install the WhatsApp application on another device and activate it with the passcode received on the cloned SIM. Like many online services, WhatsApp has introduced two-factor authentication, a technique that counters these threats by adding a further check: in addition to the passcode received via SMS, a password must be entered during installation.
To enable this security measure, follow these steps:
- Access the Settings within WhatsApp;
- Select the Account item;
- Open Two-Step Verification;
- Tap on Enable;
- Enter a 6-digit PIN and then re-enter it to confirm (this code will be requested from time to time to prevent the user from forgetting it);
- On the following screen, enter your e-mail address and select Next; repeat the e-mail address and then tap Done. Enter the address accurately, as it is needed if we forget the PIN; if we prefer not to provide one, we can bypass the request by selecting Skip.
WhatsApp itself has warned users that if they receive an e-mail with a link for deactivating two-factor authentication (2FA) without ever having requested it, they must not open the link, as it could be a scam: “If you receive an unsolicited email from you about opting out of 2-Step Verification, don't click the link. Someone may have tried to verify your phone number on WhatsApp.
If you have enabled 2-Step Verification, it will take 7 days since you last used WhatsApp without your PIN before you can verify your number on WhatsApp again. Therefore, if you forget your PIN, but did not provide an email address when activating 2-Step Verification, you will not be able to verify the number again on WhatsApp within 7 days following the last use of WhatsApp. After 7 days, you can re-verify the number on WhatsApp without the PIN, but all pending messages will be deleted. If 30 days pass from the last use of WhatsApp without PIN and you try to verify your number again, your account will be deleted and a new one will be created during the verification process.”
WhatsApp account hacked: block access to the app
Our conversations could be spied on in various ways: for example, if the device ends up in the hands of someone who knows the unlock code or, worse still, if the smartphone is lost or stolen and access to it is unprotected.
The recommendation in any case is to lock access to the smartphone with any authentication system available on the device (password, pattern, Touch ID or Face ID). In addition, it is also possible to set a lock on opening WhatsApp chats.
On iOS devices that use the Touch ID recognition system (unlocking with a fingerprint), present on Apple iPhone 5s, 6 and 6 Plus, 6s and 6s Plus, SE, 7 and 7 Plus, 8 and 8 Plus, or Face ID (unlocking with facial recognition), present on Apple iPhone X and later versions, in addition to the option of using third-party apps, you can activate the settings provided by WhatsApp:
- Configure one of the two biometric recognition (and therefore unlocking) systems by accessing the smartphone settings;
- Scroll to locate Touch ID and code or Face ID and code; if requested, enter the code;
- Enable the biometric recognition available by following the procedure;
- Access the Settings within WhatsApp;
- Select the Account item;
- Open Privacy;
- Scroll down and tap Screen lock;
- Enable Require Touch ID or Require Face ID;
- Set the time after which WhatsApp must be unlocked with the newly activated feature.
By contrast, on smartphones with the Android operating system it is not possible to protect access to WhatsApp using security measures provided directly by the app, since these settings were only introduced for iOS.
However, this limitation can be overcome by setting a lock with a PIN, pattern or fingerprint through third-party applications available in the app stores, such as 360 Security, AppLock and so on. These apps allow you to lock access to any application on your device.
WhatsApp Web: here's how to secure it
You can also chat with your WhatsApp contacts from a PC using WhatsApp Web, a feature that allows faster typing and saves smartphone battery.
It is important to note that no second account is created: the one on the smartphone is used, so all messages exchanged via the computer are also displayed on the smartphone and vice versa.
To log in from a PC, simply open the WhatsApp Web home page in any browser. On the smartphone, open WhatsApp, go to the Menu and select the WhatsApp Web option. Then point the phone at the PC screen and frame the QR code (a sort of square with many dots in the middle), and that's it: a WhatsApp Web session has been opened. All WhatsApp conversations will now be displayed on the computer screen.
This feature, in addition to being very useful and appreciated by users, has some vulnerabilities.
Anyone who gets hold of our phone could spy on our conversations by following the procedure described above. To avoid this risk, it is important to always protect access to the smartphone or the WhatsApp app and to make sure the unlock procedure is not known to others.
You can check from your smartphone whether a WhatsApp Web session is open by going to the WhatsApp settings and tapping WhatsApp Web. If there is no open session, the camera is activated to scan the QR code; otherwise, you are shown some information about the connected devices (city in which access was made, browser used and PC operating system). If you believe you did not log in to WhatsApp Web yourself, tap Disconnect from all devices and then Disconnect again to confirm.
Using WhatsApp Web can also be risky on a PC that is not ours or that we do not use alone. In this case, two drawbacks can occur:
- if we close the browser without disconnecting from the service, anyone who opens the WhatsApp Web site will find our conversations displayed. Always make sure to disconnect by clicking the button with the three dots and then choosing Disconnect;
- our chats can be spied on when we unknowingly use a PC on which an attacker has installed a program capable of taking screenshots (images of what is displayed on the screen) or recording everything typed on the keyboard (a keylogger). To avoid this danger, the advice is to use WhatsApp Web only on our own PCs or, at most, on those of trusted people.
Hacked WhatsApp account: defend against malware
Scam messages often circulate on WhatsApp inviting users to carry out apparently harmless actions with the aim of installing malware on the affected device.
These threats can be of different types: some are aimed at damaging the smartphone, others at stealing data and still others can be used to spy on user conversations.
There are not a few cases of devices attacked by malware. Let's see some of them to understand the ways that have been used to target systems:
The advice for avoiding these dangers is to delete messages received from unknown numbers without viewing their content and to update the app to the latest version, which in all probability will include some security fixes.