On Thursday, the popular instant messaging service WhatsApp unveiled a new account verification feature intended to prevent malware that is active on a user's mobile device from affecting their account. The Meta-owned company said in a statement that “mobile device malware is one of the most significant risks to the security and privacy of individuals today as it can gain access to your mobile device despite permission from you and use your WhatsApp account to send inappropriate messages.”
Device Verification is a security measure that aims to prevent account takeover (ATO) attacks by blocking the threat actor's connection while preserving uninterrupted app use for the targets of the malware infection.
In other words, the objective is to stop attackers from using malware to steal WhatsApp authentication credentials and take over victim accounts in order to spread spam and fake messages to other contacts while posing as the victim.
To achieve this, three elements are introduced: a cryptographic nonce used to determine whether a WhatsApp client is contacting the server to retrieve incoming messages, an authentication challenge that serves as an “invisible ping” from the server to a user’s device, and a security token that is stored locally on the device.
To help identify potentially suspicious connections, the client must submit the security token each time it connects to the server. The security token, for its part, is updated each time an offline message is fetched from the server. When a client responds to an authentication challenge from a different device, which suggests an unusual connection coming from an attacker, the authentication challenge is deemed to have failed, and the connection is blocked as a result.
If the client doesn’t respond, the challenge is repeated “a few more times,” and if the client still doesn’t respond after that, the connection is cut off. According to WhatsApp, Device Verification has been made available to all Android users and is now being made available to iOS users.
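The token and challenge flow described above can be sketched as a toy server-side model; this is an added example, not WhatsApp's code or wire protocol. Assumptions: a stale token is what triggers the challenge, a per-device HMAC key stands in for whatever ties a response to the registered device, the retry limit is 3, all names are hypothetical, and the article's nonce is not modelled.

```python
import hashlib
import hmac
import secrets

MAX_CHALLENGES = 3  # assumption: the article only says "a few more times"

def answer_with(key: bytes):
    # Client-side callback that answers a challenge value using `key`.
    return lambda challenge: hmac.new(key, challenge, hashlib.sha256).digest()

class VerificationServer:
    """Toy server-side state for one account (hypothetical model)."""
    def __init__(self, device_key: bytes):
        # Assumption: a per-device key stands in for whatever ties a
        # challenge response to the registered device.
        self.device_key = device_key
        self.token = secrets.token_bytes(16)  # a copy is stored on the device
        self.challenges_sent = 0

    def fetch_offline_messages(self) -> bytes:
        """Rotate the security token on every offline-message fetch."""
        self.token = secrets.token_bytes(16)
        return self.token

    def connect(self, presented_token: bytes, answer) -> str:
        """Classify one connection attempt as 'allowed' or 'blocked'."""
        if hmac.compare_digest(presented_token, self.token):
            return "allowed"
        # Stale or unknown token: treat as suspicious and ping the client.
        for _ in range(MAX_CHALLENGES):
            challenge = secrets.token_bytes(16)  # fresh value per ping
            self.challenges_sent += 1
            reply = answer(challenge)
            if reply is None:
                continue  # no response: repeat the challenge
            expected = hmac.new(self.device_key, challenge, hashlib.sha256).digest()
            return "allowed" if hmac.compare_digest(reply, expected) else "blocked"
        return "blocked"  # still silent after the retries

def demo() -> list:
    """Constructed scenario: malware copies the token, then it rotates."""
    device_key = secrets.token_bytes(32)
    server = VerificationServer(device_key)
    stolen = server.token                    # copied by malware
    fresh = server.fetch_offline_messages()  # genuine device fetches; token rotates
    return [
        server.connect(fresh, answer_with(device_key)),                # genuine device
        server.connect(stolen, answer_with(secrets.token_bytes(32))),  # other device
        server.connect(stolen, lambda challenge: None),                # silent client
    ]
```

In this model, a genuine device that presents a stale token still gets through because it can answer the challenge, which mirrors the article's point that the malware victim keeps uninterrupted use of the app.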
The feature is part of a larger package of updated features aimed at authenticating and confirming users’ identities, such as alerts that appear when an attempt is made to move a WhatsApp account from one device to another.