Security News > 2023 > April > WhatsApp Introduces New Device Verification Feature to Prevent Account Takeover Attacks
"Mobile device malware is one of the biggest threats to people's privacy and security today because it can take advantage of your phone without your permission and use your WhatsApp to send unwanted messages," the Meta-owned company said in an announcement.
Called Device Verification, the security measure is designed to help prevent account takeover attacks by blocking the threat actor's connection and allowing the target to use the app without any interruption.
This, in turn, is achieved by introducing a security-token that's stored locally on the device, a cryptographic nonce to identify if a WhatsApp client is contacting the server to retrieve incoming messages, and an authentication-challenge that acts as an "Invisible ping" from the server to a user's device.
WhatsApp said Device Verification has been rolled out to all Android users and that it's in the process of being rolled out to iOS users.
The feature is part of a broader set of new enhancements that are designed to authenticate and verify users' identities, including displaying alerts when there is an attempt to migrate a WhatsApp account from one device to another.
WhatsApp intends to make this feature live in the coming months, although it's already hosting and operating an Auditable Key Directory of all its users.
News URL
https://thehackernews.com/2023/04/whatsapp-introduces-new-device.html