How to protect WhatsApp from hacking
How to secure your WhatsApp account from social hacking
Set up a PIN before someone else gets the chance
By Jon Porter / @JonPorty
Photo by Thomas Ricker / The Verge
Facebook’s WhatsApp messaging service is incredibly easy to set up, but this easy setup process means that your account is open to abuse if you’re not careful. Thankfully, it’s fairly simple to enable an extra layer of security on your account, which means that you won’t lose it if your six-digit activation code gets compromised.
Unfortunately, these security options won’t protect you from a serious hack such as the one that hit Amazon CEO Jeff Bezos. What they will do is offer another layer of protection if someone manages to trick you into sharing your security code, which is a process known as “social hacking.”
If you need any convincing about why it’s a good idea to use this extra security, then allow me to share a friend’s recent experience about what can go wrong when you don’t.
Bleary-eyed one Sunday morning, she received a WhatsApp message from a close friend that asked if she could forward over a six-digit code that she was just about to receive via SMS. Without thinking, and because she trusted her friend, she sent over the code and suddenly found herself logged out of her WhatsApp account.
Never share your six-digit WhatsApp verification code with anyone
You probably realized what happened. That wasn’t just any six-digit code; it was the six-digit code that WhatsApp sends to your mobile number via SMS to associate with your WhatsApp account. In sharing that number, my friend had inadvertently allowed the attacker to log in to her account.
Since her attacker now had control of her account, they were then able to send messages from it to any contacts she was in the same group chat with. That’s how the attacker was able to ask for my friend’s six-digit verification code via another friend’s number; they’d gained control of that account as well and used it to message every contact they could, trying to rope them into the scam.
In theory, having your WhatsApp account taken over should be a fairly easy situation to resolve: just enter your phone number into the app and have it send you another six-digit code. The problem is that hackers can spam your number with a bunch of incorrect six-digit codes so that you get locked out of your account for up to 12 hours. Then, if you hadn’t set up a PIN of your own, this leaves an attacker free to set up one of their own on your account, locking you out for seven days in total.
That’s why it’s so important to remember these two rules:
- Never share your six-digit WhatsApp code with anyone — not your parents, not your best friend, and definitely not your sibling. No one will ever have a legitimate reason to ask for the code that WhatsApp sends you over SMS, so don’t even think about sharing it.
- Should the worst happen, then setting up a PIN will act as another barrier to stop someone from being able to sign in to your account, and it will stop this nightmare from happening to you.
How to secure your WhatsApp account
Somewhat confusingly, the PIN is also six digits long. In order to set it up:
- Open WhatsApp and tap the three dots on the top right of the screen
- Hit “Settings” > “Account” and then pick “Two-step verification”
- Hit “Enable,” and then pick your six-digit PIN.
- This next step isn’t mandatory, but adding an email address will allow you to recover your account if you forget your PIN. WhatsApp will periodically ask you for your PIN while you’re using it so that you don’t easily forget it, but we’d still recommend having a backup.
One more thing: it would be remiss of us if we didn’t mention that, in the past, Facebook (WhatsApp’s parent company) has gotten in trouble for using phone numbers provided for two-factor authentication for ad-targeting. The Federal Trade Commission told the company to stop the practice last year. When we asked WhatsApp, it categorically denied that it does this with its backup email addresses, and we think the benefits of providing an email address outweigh the risks.
Seven tips you can follow to protect your WhatsApp account from hackers
Last week, the big news was about Amazon CEO Jeff Bezos and his phone being hacked by Saudi Arabia. A report from the Guardian suggested that Bezos’ phone was hacked via a video file sent on WhatsApp. The report said that Bezos’ mobile phone was hacked by the Saudi Arabian prince in 2018 and that gigabytes’ worth of data was stolen from the device.
Meanwhile, another report from the Wall Street Journal revealed that his girlfriend, Lauren Sanchez, was the one who had shared her private text messages with the Amazon CEO. Sanchez is believed to have sent the messages to her brother Michael Sanchez, who sold the data to the National Enquirer, which then published a story about Bezos and Sanchez’s affair.
While some questions are being raised about the report, which states with ‘medium to high confidence’ that Jeff Bezos’ phone was hacked, it does raise a security fear for regular users. After all, if the phone of one of the world’s most powerful men can be hacked, the same can happen to any one of us as well. Here are seven tips you should keep in mind to protect yourself from hackers attacking you via WhatsApp.
End-to-end encryption
All WhatsApp users should ensure that their chats are end-to-end encrypted. To verify that a chat is end-to-end encrypted, open the chat, tap on the name of the contact to open the contact info screen, and then tap Encryption to view the QR code and 60-digit number. WhatsApp end-to-end encryption ensures that only you and your contact can read the messages that are being exchanged and nobody in between, not even WhatsApp.
Don’t click on any suspicious link
Do you keep getting random links as messages from your contacts on WhatsApp? You should never click on links that look fishy. In fact, it’s a good idea to first find out from your contact what the link is about and only then click on it. Some reports suggest that WhatsApp is working on a “suspicious link” feature, which will make it easy for users to find out whether a certain link is authentic or not.
Tweak those privacy settings
WhatsApp provides various privacy options to users. The messaging platform lets users choose who they want to share their profile photo, status, and other details with. It’s a good idea to change the setting to “Contacts only”. This means only phone numbers that are saved on your smartphone will be able to see your profile photo, status, phone number, and auto-delete status as well.
Deactivate WhatsApp when phone is stolen, lost
Losing a phone is a very common occurrence. In this case, you should make sure to deactivate your WhatsApp account before someone else hacks it and gets access to all your personal data. To deactivate your WhatsApp account, go to Settings, Delete my account option, enter your phone number, and then click on “Delete my account”.
Remember to log out of WhatsApp Web
We often log in to WhatsApp Web at the office and then leave the account open on the desktop. This habit can create problems for you. Someone else sitting at the same PC can access all your chats without you even realising it. It’s good practice to log out of WhatsApp Web before leaving the office. It takes just seconds to log in again. Just scan the code and you’re done.
Lock WhatsApp screen
Try out the WhatsApp screen lock option available on Android. This will ensure that no one but you can open your WhatsApp account. Just head to the Settings menu, Privacy, and then select the Screen Lock option. You will then need to register your fingerprint. After the process is completed, you will have to scan your fingerprint every time you open the WhatsApp app. This adds an extra layer of security.
Two step verification
WhatsApp introduced the “Two-step verification” feature around two years ago. This feature adds more security to your WhatsApp account. To enable two-step verification, open WhatsApp, go to Settings, click on Account, Two-step verification, and enable it. WhatsApp also asks you to enter your correct email address.
WhatsApp mentioned in an official blog that, “this email address will allow WhatsApp to send you a link via email to disable two-step verification in case you ever forget your six-digit PIN, and also to help safeguard your account. We do not verify this email address to confirm its accuracy. We highly recommend you provide an accurate email address so that you’re not locked out of your account if you forget your PIN.” The messaging platform also said, “If you receive an email to disable two-step verification, but didn’t request this, don’t click on the link. Someone could be attempting to verify your phone number on WhatsApp.”
10 ways to securely protect WhatsApp from hacking and wiretapping
Let's talk.
By default, the security of the WhatsApp messenger is so-so. The same goes for privacy. However, fine-tuning will, if not eliminate, then at least minimize the risks. We will teach you how to make the application more secure and help protect the privacy of your correspondence.
1) Turn on two-factor authentication
Launch the messenger, go to "Settings", then to "Account", click on "Two-step verification", and then "Enable". Now come up with a PIN code (be sure to remember it). Don't forget to also include your email address in case you need to change your PIN in the future.
Now, when you need to confirm your messenger account, in addition to the SMS code, you will also need to enter a PIN.
2) Disable pop-up messages
Go to "Settings", select "Notifications", turn off "Show notifications" (you can separately disable pop-up messages, both from users and groups).
This will increase privacy - no one will see confidential correspondence on the screen of your locked smartphone.
3) Hide your own activity time
By default, WhatsApp users are shown each other's online activity time. That is, anyone can find out when you last launched the messenger.
If you do not want anyone to know that you have been online recently, then go to "Settings" → "Account" → "Privacy" and change the "Last seen" item to "My contacts" or "No one".
4) How to hide correspondence with a specific user?
It's easy to hide a conversation without deleting it. To do this, just select the desired chat, then swipe it from right to left, and then click "Archive".
Yes, if someone has access to your smartphone and that someone is a more or less advanced user, they will find the conversation in the archive. However, not everyone knows about it. It is at least some protection.
5) Blocking users
And this will help you get rid of spammers, numerous scammers and people who are simply unpleasant to you.
It's simple - you need to add an annoying or unwanted contact to the black list. To do this, click on the user's contact, click on the avatar from above, go down to the very bottom, where we find the "Block" option. We block.
By the way, you can see the entire list of blocked users by going to "Settings" → "Account" → "Privacy" → "Blocked".
6) Disable message backup
In order to disable the backup of your correspondence in iCloud, you need to go to "Settings", then to "Chats", click on "Backup", and then to the item "Automatically". Change it to "Disabled".
The fact is that in the cloud all correspondence is stored unencrypted. If your account is hacked, your chats will also be accessed.
7) Hide information, statuses, photos
Go to "Settings" → "Account" → "Privacy". There we select the desired item: “Profile photo”, “Information” or “Status”, determine who will see your data (either “No one” or “My contacts”) - this way strangers will not be able to track you.
8) Hiding message read notifications
If you do not want your interlocutors to know that you have already read their messages (by default this is indicated by a blue double checkmark), you need to go to "Settings" → "Account" → "Privacy" and uncheck the "Read receipts" box.
Unfortunately, after that you will not be able to see similar checkmarks from your contacts.
Also, it only works in regular chats, not group chats.
9) How to hide information about reading a message without turning off read receipts
Still, there is a possibility to read messages without notifying the sender, while not turning off read receipts (as in the previous paragraph). Airplane mode to the rescue. We turn it on, read the message, close WhatsApp, turn off airplane mode. That's it - the sender will not be notified of the read.
10) Turn off the display of geolocation
You can share your geolocation in WhatsApp - the application allows you to quickly send the desired address. You can choose how long to share your location: 15 minutes, 1 hour, or 8 hours.
What if you need to disable this feature (let's say you shared your geolocation by mistake)? We go to "Settings" → "Account" → "Privacy", select "Geodata" there, and then "Stop sharing". That's all!
WhatsApp vulnerabilities and how to protect yourself from being hacked
Hello.
Pavel Durov is to be thanked for this topic, as he uses every chance to kick his direct competitor, WhatsApp. This time, Pavel burst out with a lengthy message saying that WhatsApp is insecure (once again) and can be broken.
Let's give a translation of what Durov said:
Hackers could have full access (!) to everything on the phones of WhatsApp users.
This was made possible by a security issue that was reported by WhatsApp itself last week. All the hacker had to do to gain access to your phone was send you a malicious video or start a WhatsApp video call with you.
You're probably thinking, "Yeah, but if I update WhatsApp to the latest version, I'll be safe, right?"
Not exactly.
The exact same WhatsApp security issue was discovered in 2018, then another in 2019 and another in 2020 (click on each year's link to see the corresponding vulnerability). And yes, in 2017 before that. Until 2016, WhatsApp had no encryption at all.
Every year we hear about a problem in WhatsApp that puts all users' devices at risk. This means that there is almost certainly a new security breach already in place. Such problems are hardly accidental - they are planted backdoors. If one backdoor is found and needs to be removed, another is added (read Why WhatsApp will never be secure to see why).
It doesn't matter if you're the richest person on earth - if you have WhatsApp installed on your phone, all your data from every app on your device is available, as Jeff Bezos found out in 2020. That's why I deleted WhatsApp from my years old device. Installing it creates a door to enter your phone.
I don't push people to switch to Telegram. With 700+ million active users and 2 million daily registrations, Telegram does not need any additional promotion. You can use any messaging app you like, but stay away from WhatsApp - it's been a snooping tool for 13 years.
Durov has been creating the image of a fighter for privacy for many years, which sometimes looks funny. But the claims against WhatsApp are quite justified, since the company really is trying to collect as much data as possible about you and your actions, and in addition, security holes that allow user data to be stolen “accidentally” appear. And here it doesn’t matter whether it was done on purpose or by accident; the fact is that you can be hacked.
As in any horror story, there is a certain distortion in Durov's words: you cannot get full access to all your data through WhatsApp. Go to app permissions and see exactly what WhatsApp can do.
By and large, it can steal your contacts, as well as photos and videos, plus all the documents that you store on your device. On iOS, the situation is about the same, there are no differences. For example, installing unknown applications from this application is prohibited by default for everyone (on iOS there is no such option at all). So you can feel relatively safe, not to worry that applications unknown to you will appear.
But downplaying the problem and dismissing it is not worth it either; access to your data is unpleasant. And here the question arises of how much you need WhatsApp and how to put up with the fact that it is full of holes. Telegram itself has not been caught with vulnerabilities; a couple of times competitors made formidable accusations, but they could not back them up with anything significant. They said, in effect, that they just know the vulnerabilities are there too. In theory, of course, there are; in practice we do not know about them.
The easiest way is to limit WhatsApp's permissions, but then the application becomes unusable in practice; this route looks like pure masochism, and it is easier to give it up altogether. By the way, in Russia the popularity of WhatsApp declined long ago; it is used out of habit by a fairly small group of people, Old Believers, who are not inclined to switch to something new. If you look at the application traffic, it becomes clear that WhatsApp is kept for show, since it carries next to no traffic; the main communication goes to Telegram.
We conducted a survey in our Telegram channel about what messengers you use (yes, it's funny to poll in Telegram about which messenger you have), and many people have a combination of Telegram and WhatsApp.
I have exactly the same combination, only WhatsApp is on the second device, where there is absolutely nothing, and at the same time it has been moved to the protected KNOX folder. In Samsung, this is a phone within a phone, where the permissions for applications are exactly the same, but they do not have access to the main memory. That is, in fact, this is not just my second phone, but also another protected zone inside it, from which WhatsApp cannot escape or access my files. At the same time, I see notifications as usual and do not miss messages.
Perhaps you don’t have a Samsung smartphone; then you will have to handle the situation differently, for example by running WhatsApp on a second phone (if you have something to hide, then most likely there will be money for a second phone).
Most people habitually shrug off security and are ready to share their photos with whoever wants them, saying there is nothing special in them. In principle, that is how it is: we do not hide any secrets in photos and videos, but the very idea that someone can delve into my memories or work files is unpleasant to me.
The biggest annoyance is not remote hacking of your WhatsApp, the probability of this event is minimal. Usually, data is leaked from your phone when someone gains access to it. Turn on the app lock with your fingerprint, it will help you avoid the curiosity of strangers who somehow managed to take your phone without your knowledge.
Any safety stories attract attention. There are no examples of mass hacking of WhatsApp, potential vulnerabilities are greater than those of other instant messengers, which is a fact. But how exactly you will encounter problems, only you can assess - think adequately about your lifestyle and what you are doing. Interested in hacking? Then, apparently, it is worth somehow protecting yourself, after all, this is your life and your information.