Security News > 2022 > March > Here's How to Find if WhatsApp Web Code on Your Browser Has Been Hacked
Meta Platforms' WhatsApp and Cloudflare have banded together for a new initiative called Code Verify to validate the authenticity of the messaging service's web app on desktop computers.
Available in the form of a Chrome and Edge browser extension, the open-source add-on is designed to "Automatically verif[y] the authenticity of the WhatsApp Web code being served to your browser," Facebook said in a statement.
The goal with Code Verify is to confirm the integrity of the web application and ensure that it hasn't been tampered with to inject malicious code.
The system works with Cloudflare acting as a third-party audit to compare the cryptographic hash of WhatsApp Web's JavaScript code that's shared by Meta with that of a locally computed hash of the code running on the browser client.
Code Verify is also meant to be flexible in that whenever the code for WhatsApp Web is updated, the cryptographic hash value will be updated automatically in tandem, so that the code served to users is certified on the fly.
"The idea itself - comparing hashes to detect tampering or even corrupted files - isn't new, but automating it, deploying it at scale, and making sure it 'just works' for WhatsApp users is," Cloudflare said.
News URL
https://thehackernews.com/2022/03/heres-how-to-find-if-whatsapp-web-code.html