How to secure your WhatsApp Messenger

WhatsApp is a free messaging application for one-to-one and group communication. Unlike SMS, where messages are sent via the vendor/service provider, WhatsApp communication goes over the internet. WhatsApp has end-to-end encryption, which means that your chats are encrypted, and anyone who intercepts a message cannot read its contents.

How Does WhatsApp Encryption Work?

As mentioned above, WhatsApp offers end-to-end encryption. Encryption is the process of encoding information: the plain text (the message) is converted into another form called cipher text (the encoded message) using a key (the cipher key). The cipher key changes for every message, so every message is encrypted with a different key. In WhatsApp, only the sender and the receiver have the key needed to decipher a message, which means that WhatsApp itself can neither read your messages nor listen to your conversations. In a nutshell, your messages travel securely between you and the other party: without the key nobody else can decipher them, and because every message uses a different key, it is difficult for anyone to read or listen to your conversations.
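A simplified sketch of how a different key per message can be derived, added here as an example and not WhatsApp's code: WhatsApp's encryption is built on the Signal Protocol, whose symmetric ratchet derives each message key from a chain key with HMAC-SHA256. The starting secret, the `Chain` class and the `MAX_SKIP` limit are assumptions made for illustration.

```python
import hashlib
import hmac

MAX_SKIP = 100  # assumed cap on how far a receiver will ratchet ahead


def ratchet_step(chain_key):
    """Derive (message_key, next_chain_key); neither reveals chain_key."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain_key


class Chain:
    """One direction of a chat: hands out a fresh key for every message."""

    def __init__(self, chain_key):
        self.chain_key = chain_key
        self.counter = 0
        self.skipped = {}  # message number -> key kept for late arrivals

    def next_key(self):
        """Sender side: key for the next message; old chain key is replaced."""
        key, self.chain_key = ratchet_step(self.chain_key)
        self.counter += 1
        return self.counter - 1, key

    def key_for(self, number):
        """Receiver side: key for message `number`, in or out of order."""
        if number in self.skipped:
            return self.skipped.pop(number)  # single use, then forgotten
        if number < self.counter:
            raise KeyError("key %d was already used and deleted" % number)
        if number - self.counter > MAX_SKIP:
            raise ValueError("refusing to ratchet that far ahead")
        while self.counter < number:
            index, key = self.next_key()
            self.skipped[index] = key
        return self.next_key()[1]


def demo():
    """Send four messages, deliver them as 0, 2, 1, 3; return the keys."""
    shared = hashlib.sha256(b"constructed shared secret").digest()
    sender, receiver = Chain(shared), Chain(shared)
    sent = dict(sender.next_key() for _ in range(4))
    received = {n: receiver.key_for(n) for n in (0, 2, 1, 3)}
    return sent, received, receiver
```

Because each step is a one-way function, someone who obtains the current chain key cannot work backwards to the keys of earlier messages.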

How WhatsApp hacking occurs.

From what we have seen, hacking WhatsApp looks difficult, since all messages are encrypted and can only be decrypted by the sender and the recipient. On top of that, the key used to encrypt one message is different from the key that encrypts the next one. So how do people get their WhatsApp hacked?

Hacking is getting unauthorized access to someone’s data or device; in our case, it is getting unauthorized access to someone’s WhatsApp. What happens is that the hacker/malicious party gets hold of the victim’s phone, opens the Linked devices option in WhatsApp, and links the victim’s WhatsApp to their own phone or to a computer/laptop through WhatsApp Web, which is a quick way of sending and receiving WhatsApp messages on a computer/laptop.

After the attacker has linked their device to your WhatsApp, it is listed under Linked devices, as shown in the image above, where a Chrome browser icon appears because that browser has been linked to my WhatsApp.

The other method by which WhatsApp can be hacked is the installation of spyware. On Android, one app cannot read another application’s resources, so spyware cannot access the area where WhatsApp messages are stored. Instead, the spyware usually captures the notification banners shown in the notification area on Android/iOS devices and sends the captured messages to the attacker. This is possible because by the time a message is shown in a notification, it has already been decrypted and is in clear text.

The last method is through zero-day exploits. Zero-day exploits take advantage of vulnerabilities in software that the software developers don’t know about. They are quite expensive and are mainly used by government agencies or by a person who can afford to buy them. A zero-click WhatsApp exploit can go for about $2.5 million, which is why it is used by government agencies, since they are likely to afford that amount.

How to detect if your WhatsApp is hacked.

Signs of a compromised WhatsApp may include:

  • If you find read messages that you didn’t open.
  • If you get conversations that you weren’t part of.
  • If you see sent messages that you didn’t send.
  • If you find some conversations you had already deleted.
  • If you find a device under the Linked devices option that you have no idea about. This is illustrated in the diagrams below:

How to Prevent Your WhatsApp from being hacked.

You can prevent your WhatsApp from being hacked by:

  • Adding a password lock to your WhatsApp to prevent unauthorized access to the app. This can be done using the Phone Master app, which is preinstalled on most Android phones.
  • Activating two-step verification for your WhatsApp account, which requires a PIN when your number is registered with WhatsApp again. This prevents someone else from registering WhatsApp with your number, since the PIN is asked for on any fresh install.
  • Regularly checking the linked devices for any device that you don’t have prior knowledge of, and logging it out.
  • If you suspect spyware, first disable WhatsApp notifications, since most spyware reads the messages from the notification bar. Then go to Settings, select the Apps option, and go through the list looking for any app that looks suspicious or that you didn’t install. (NB: Ignore system applications.)
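One way to make the spyware check above more targeted on Android, added here as an example and not part of the original article: `adb shell settings get secure enabled_notification_listeners` prints the apps currently allowed to read notifications, and `adb shell pm list packages -3` prints user-installed (non-system) packages. The sample outputs, the `com.example.*` package names and the function names below are constructed for illustration.

```python
# Constructed sample of: adb shell settings get secure enabled_notification_listeners
SAMPLE_LISTENERS = (
    "com.example.oem.launcher/com.example.oem.launcher.BadgeListener:"
    "com.example.smartwatch/.NotificationRelay:"
    "com.example.batterybooster/com.example.batterybooster.sync.Collector"
)
# Constructed sample of: adb shell pm list packages -3
SAMPLE_THIRD_PARTY = """package:com.whatsapp
package:com.example.smartwatch
package:com.example.batterybooster
"""


def parse_listeners(raw):
    """Split the colon-separated setting into (package, class) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":  # `settings get` prints "null" when unset
        return []
    pairs = []
    for component in raw.split(":"):
        if not component:
            continue  # tolerate a stray leading or trailing colon
        package, _, cls = component.partition("/")
        if cls.startswith("."):  # short form ".Svc" means package + ".Svc"
            cls = package + cls
        pairs.append((package, cls))
    return pairs


def parse_third_party(pm_output):
    """Package names from `pm list packages -3` lines ("package:<name>")."""
    return {
        line.split(":", 1)[1].strip()
        for line in pm_output.splitlines()
        if line.startswith("package:")
    }


def suspicious_listeners(raw_listeners, pm_output, expected):
    """User-installed apps with notification access that you did not expect.

    System packages are skipped, matching the article's advice to ignore them.
    """
    third_party = parse_third_party(pm_output)
    return [
        (package, cls)
        for package, cls in parse_listeners(raw_listeners)
        if package in third_party and package not in expected
    ]
```

Any app this returns can read notification text, including WhatsApp message previews, so revoke its notification access in the Android settings or uninstall it.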

How to enable 2-step verification in WhatsApp

Stay Safe!!

Charles Koome

I am a cyber security enthusiast and love all kinds of tech stuff. I love playing CTFs and doing penetration testing(websites and mobile applications).
