The popular messaging platform WhatsApp recently unveiled a new account verification feature intended to prevent malware that is active on a user’s mobile device from affecting their account. According to Mashable, the Meta-owned firm said in a statement, “mobile device malware is one of the most significant risks to the security and privacy of individuals today as it can gain access to your mobile device despite permission from you and use your WhatsApp account to send inappropriate messages.”
The goal is to prevent attackers from taking over victim accounts and stealing WhatsApp authentication credentials in order to send spam and false messages to other contacts while posing as the victim. To achieve this, as per Mashable, three elements are introduced: a cryptographic nonce used to determine whether a WhatsApp client is contacting the server to retrieve incoming messages, an authentication challenge that serves as an “invisible ping” from the server to a user’s device, and a security token that is stored locally on the device.
To identify possibly suspicious connections, the client must submit the security token each time it connects to the server. The security token, for its part, is updated each time an offline message is fetched from the server. When a client responds to an authentication challenge from a different device, which suggests an unusual connection coming from an attacker, the challenge is deemed to have failed and the connection is blocked. If the client does not answer, the challenge is repeated “a few more times,” and the connection is shut off if the client still does not respond. According to WhatsApp, Device Verification is now accessible to all Android users and is now available to iOS users.
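The token and challenge checks described above can be sketched as a small server-side model. This is an added example, not WhatsApp's code. The class and method names, the device identifiers, the retry count of 3, and the rule that a stale token is what triggers the challenge are all assumptions made for illustration, and the nonce is not modeled.

```python
import secrets

MAX_CHALLENGE_ATTEMPTS = 3  # assumption: the article only says "a few more times"


class DeviceVerifier:
    """Toy model: token check on connect, rotation on fetch, challenge."""

    def __init__(self):
        self.tokens = {}  # account -> current security token

    def register(self, account):
        self.tokens[account] = secrets.token_hex(16)
        return self.tokens[account]

    def fetch_offline_message(self, account, token):
        """Rotate the token on every offline fetch; None if token is stale."""
        if not secrets.compare_digest(self.tokens[account], token):
            return None
        self.tokens[account] = secrets.token_hex(16)
        return self.tokens[account]

    def connect(self, account, token, device_id, respond):
        """Return "allowed" or "blocked" for one connection attempt.

        respond(challenge) models the invisible ping. It returns
        (echoed_challenge, answering_device_id), or None for no answer.
        """
        if secrets.compare_digest(self.tokens[account], token):
            return "allowed"  # current token: nothing suspicious
        for _ in range(MAX_CHALLENGE_ATTEMPTS):
            challenge = secrets.token_hex(8)
            answer = respond(challenge)
            if answer is None:
                continue  # no reply: repeat the challenge
            echoed, answering_device = answer
            if echoed == challenge and answering_device == device_id:
                return "allowed"
            return "blocked"  # answered from a different device
        return "blocked"  # never answered: connection is shut off
```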