WhatsApp update brings major new security feature to check app is legitimate
WhatsApp has launched a new feature, named “Code Verify”, intended to improve its security.
The tool consists of a browser extension that makes sure users are really running WhatsApp – and that the code has not been tampered with an attempt to hack or otherwise attack users.
WhatsApp said it had taken the decision to introduce the new tool because of a rise in the number of people using WhatsApp Web, which allows people to access their messages through their browser. That came after the company added multi-device capability last year, meaning that WhatsApp could connect with more than one computer at any one time.
Using WhatsApp on the web means that users can keep up with messages on their computer, type using their keyboard, and more. But it also offers a new opportunity for cyber criminals to try and break into the system.
That is because while WhatsApp is able to encrypt the messages as they are sent over its system, protecting them from being read, hackers could potentially read those messages by hacking into the WhatsApp Web code itself.
Unlike the mobile app version of WhatsApp, web apps are served up straight to users – meaning that the security can be weaker and people might not even know they are being tricked.
“For years, WhatsApp has protected the personal messages you send on WhatsApp Web with end-to-end encryption as they transit from sender to recipient,” WhatsApp wrote in its announcement. “But security conscious users need to be confident that when WhatsApp Web receives these encrypted messages, it is protected as well.”
Code Verify attempts to fix that. It is installed as a web browser extension and works with internet infrastructure company Cloudflare to check that the code being run is legitimate, and that users are not being hacked.
Once it is installed, it will automatically check that code and show the result in a traffic light system. Users will be told that they are validated and safe, that there are possible risks – or that there is a validation failure and something has gone wrong with the source code.
Links to download the extensions can be found on…
