Whats App Security Guidelines Information Security Education and Awareness (ISEA) Project Phase-II
Introduction • WhatsApp Messenger is a FREE messaging app • Available in Android, IOS and many other smartphones. • WhatsApp uses your phone’s Internet connection (4G/3G/2G/EDGE or Wi-Fi, as available) • Most of us switched from SMS to WhatsApp to send and receive messages, calls, photos, videos, documents, and Voice Messages.
Se Secu curit ity b y by D y Default lt p provid ided by the A App • End-to-End encryption WhatsApp's end-to-end encryption ensures only you and the person you are communicating with can read what is been sent, and nobody in between, not even WhatsApp. • Added protection Every message you send has its own unique lock and key Go to Settings-->Account-->Security
Threats to WhatsApp
Few security threats you need to know about. 1. Web Malware 2. Unencrypted Backups 3. Data Sharing between Facebook and Whatsapp 4. Crash Notifications 5. Snooping on other Whatsapp User messages
1. Web M Malware • Malicious cybercriminals are looking to exploit the popular messaging app. • With the launch of a web interface and desktop application hackers were quick to pounce with fake WhatsApp websites and applications that stole data and distributed malware.
Few t tricks u used ed b by hacker ers • Hackers masqueraded WhatsApp https://web.whatsapp.com/ Desktop applications. • Created websites pretending to offer access to WhatsApp Web. Tip: Although WhatsApp does offer a client for both windows and mac, the safest option is to go directly to the source at https://web.whatsapp.com/
2.Un Unencrypted B Bac ackups • The backups that WhatsApp create contain the decrypted messages on your device. • The backup itself is not encrypted • Vulnerable as there is no ability to change your backup location No end-to-end security in the case of an backup and legal agencies can access with a warrant. Tip: It is always better to avoid abusing, bullying through Whatsapp messages and do not forward hoax calls and other threat messages
3. D 3. Data Sh Sharing b between Face cebo book k and What atsapp Facebook and WhatsApp deal include • Both Facebook and WhatsApp got • together and part of its deal include data sharing from WhatsApp to data sharing from WhatsApp to Facebook. Facebook. Information like the last Information like the last time you used time you used WhatsApp and your • WhatsApp and your registered phone registered phone number is part of number is part of this data sharing this data sharing between the Facebook/WhatsApp families. between the Facebook/WhatsApp • families. • Tip: Turn off data sharing options Tip: Turn off data sharing options on your on your WhatsApp. WhatsApp .
4. Cr Crash No Notification ons • WhatsApp users discovered that they could crash the target’s WhatsApp messenger installed on the cell phone. • For this, send a message that is more than 7MB. • When target person tries to open the thread whatapp will crash. • The target can regain control by deleting the thread. • Malicious people achieve the same thing by sending a message that is lesser than 2KB and it must contain special characters.
5. Snooping on other Whatsapp User messages • Xnspy, is a monitoring software, which allows users to access target’s WhatsApp messenger to all chats, photos and videos exchanged, and call logs. Tip: The best way to prevent a stranger accessing your WhatsApp is by making sure you never leave your phone lying around, or with someone whom you do not trust. It is better to install a tracking software or get a your phone’s Mac address.
Behavioural Tips for All
1. Always be courteous in replying after reading messages. 2. Show patience for receiving photos after the party/vacation 3. Avoid making fuss over others online behaviour 4. Make Appropriate Use of Emojis 5. Be clear in both words and approach 6. Avoid spreading fake news
7. Avoid getting into multiple topics at one go 8. Do not argue over silly matters 9. Never begin a topic that would hurt religious or cultural sentiments. 10. Don’t spam with unnecessary chains and forward messages 11. Control what you see and with whom you interact 12. Control what you share
Tools On WhatsApp, there are some basic controls that you can adjust as you see fit to help you protect yourself:
1. C Control ol who s sees y you our inform ormation on You can set your last seen, profile photo and/or status to the following options: • Everyone : Your last seen, profile photo and/or status will be available to all WhatsApp users. • My Contacts : Your last seen, profile photo and/or status will be available to your contacts from your address book only. • Nobody : Your last seen, profile photo and/or status will not be available to anyone. Read Receipts are always sent for group chats, even if you turn off the option in your privacy settings.
2. Configuring y your p privacy settings gs in Android Ph Phones • By default, WhatsApp sets your privacy settings to allow: • Any WhatsApp user to see your read reciepts, last seen, about and profile photo. • Your contacts to see your status updates. To change these settings, simply go to WhatsApp > Menu Button > Settings > Account > Privacy .
3. C Configuring your privacy settings i in I n IOS OS ba based m ed mobiles es • By default, WhatsApp sets your privacy settings to allow: • Any WhatsApp user to see your read reciepts, last seen, about and profile photo. • Your contacts to see your status updates. To change these settings, simply go to WhatsApp > Settings > Account > Privacy .
Note: If you do not share your last seen, you • won't be able to see other people's last seen. There is no way to hide when you are • online or typing . If you turn off read receipts, you won't • be able to see read receipts from other people. Read receipts are always sent for group chats. If a contact has disabled read receipts, • you will not be able to see that they have viewed your status update.
Using Status Go to the Status screen . Tap the Menu Button > Status privacy . Choose who can see your status updates. Note : Changes to your privacy settings won't affect status updates that you have already sent.
Changing your status privacy Your status updates cannot be seen by people whose numbers are not saved in your phone's address book. You can choose to share your status updates with all of your contacts, or with selected contacts only. By default, your status updates are set to be shared with all your contacts. To change your status privacy: Go to the Status screen. Tap Privacy on the top left of your screen. Choose who can see your status updates. Note : Changes to your privacy settings won't affect status updates that you have already sent.
To forward your status update to a chat: 1. Go to the Status screen. 2. Tap the three dots next to My Status . 3. Select the status updates you wish to forward, then tap Forward . 4. Choose from Frequently Contacted , Recent Chats or use the Search bar to look for a contact or group, then tap Forward .
Manually deleting your status update Status updates automatically disappear after 24 hours. You can also manually delete your status update, which removes it from your contacts' phones. To manually delete your status update: 1. Go to the Status screen. 2. Tap the three dots next to My Status . 3. Long press on the status update you wish to delete. 4. Tap Delete .
Muting a status update You can mute the status updates of a particular contact so they won't appear at the top of the status list anymore Muting a status update You can mute the status updates of a particular contact so they won't appear at the top of the status list anymore. To mute a status update: 1. Go to the Status screen. 2. Long Press on your contact's status update you wish to mute. 3. Tap Mute .
To unmute a status update: 1. Go to the Status screen. 2. Scroll down to see the Muted statuses. 3. Long press the contact you wish to unmute 4. Tap Unmute .
To block a contact 1. Open WhatsApp. 2. Open the Application Menu (Swipe down from the top of the screen). 3. Tap Settings > Privacy Settings > Blocked Contacts. This page displays all contacts that you have blocked. 4. Tap Add Contact icon at top right of the screen to select a contact to block.
Recommend
More recommend