Who could forget the Jeff Bezos attack in 2018, when his phone was hacked and his personal data was leaked to the public? The attack launched a very public divorce after incriminating photos of Bezos and his mistress were released, followed by a roast by Chris Rock at the Oscars.
Ever since the 2018 Bezos attack, which involved WhatsApp, the Facebook-owned company’s security standing has suffered. Now, WhatsApp is trying to rebuild its security-related reputation, beginning with a new security feature.
WhatsApp’s New Feature
WhatsApp’s new security feature works on primary devices tied to the user’s account, but not on companion devices like desktops and laptops that only mirror the content on their phones. It went live in September 2021 with the following statement:
With the introduction of end-to-end encrypted backups, WhatsApp has created a Hardware Security Module (HSM) based Backup Key Vault to securely store per-user encryption keys for user backups in tamper-resistant storage, thus ensuring stronger security of users’ message history.
When end-to-end encrypted backups are enabled, the application encrypts the chat messages, photos, videos and other messaging data with a random key generated on the user’s device before the backup reaches the cloud. The key encrypting the backup is secured with a user-provided password and stored in the vault for easy recovery when the device gets stolen.
Alternatively, users can provide a 64-digit encryption key instead of a password. However, the encryption key would then need to be stored manually, since it will no longer be sent to the HSM Backup Key Vault.
If the account owner wishes to access their backup, they need the 64-digit key, which is also used to retrieve the encryption key from the backup key vault to decrypt their backups.
Moreover, the vault is distributed across five data centres and is responsible for enforcing password verification and rendering the key inaccessible after a series of unsuccessful login attempts. The latter reduces the likelihood of brute force attacks.
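A simplified model of the attempt-limiting behaviour described above, added here as an illustration and not WhatsApp's actual vault protocol. The class and function names, the PBKDF2 verifier and the limit of 10 attempts are assumptions.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 10  # assumed limit; the article only says "a series" of failed attempts


class BackupKeyVault:
    """Toy stand-in for the HSM-based vault holding per-user backup keys."""

    def __init__(self):
        self._records = {}

    @staticmethod
    def _verifier(password: str, salt: bytes) -> bytes:
        # Slow salted hash, so the vault never stores the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user: str, password: str, backup_key: bytes) -> None:
        salt = secrets.token_bytes(16)
        self._records[user] = {
            "salt": salt,
            "verifier": self._verifier(password, salt),
            "key": backup_key,
            "failures": 0,
        }

    def retrieve(self, user: str, password: str) -> bytes:
        rec = self._records[user]
        if rec["key"] is None:
            raise PermissionError("key permanently inaccessible")
        guess = self._verifier(password, rec["salt"])
        if hmac.compare_digest(guess, rec["verifier"]):  # constant-time compare
            rec["failures"] = 0
            return rec["key"]
        rec["failures"] += 1
        if rec["failures"] >= MAX_ATTEMPTS:
            rec["key"] = None  # destroy the key: even the right password now fails
        raise ValueError("wrong password")


def guesses_before_lockout(vault: BackupKeyVault, user: str, wordlist) -> int:
    """Count how many wrong guesses the vault evaluates before locking the key."""
    tried = 0
    for candidate in wordlist:
        try:
            vault.retrieve(user, candidate)
        except ValueError:
            tried += 1
        except PermissionError:
            break
    return tried
```

However long the list of guesses, the vault evaluates only `MAX_ATTEMPTS` of them, which is why a short human-chosen password can still protect the backup key. The trade-off is that the legitimate owner is locked out too once the limit is hit.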
What the User Should Do
If you’re a WhatsApp user, you can rest assured that you are protected from data privacy breaches with the new security feature. WhatsApp has invested in this new feature to ensure that all users feel safe against such attacks.
Security Features for Small and Midsize Businesses
Aside from WhatsApp’s new end-to-end encryption security feature, you can also take several security measures to ensure extra protection from data privacy breaches. Here are some tips to get strong security:
- Have a password manager to improve your personal and work password management
- Require two-factor authentication in all SaaS solutions and other critical accounts
- Require passwords with a length of more than 14 characters in your governance policies and technology configurations
- Train employees to spot and avoid falling victim to email phishing attacks
- Test employees and implement anti-phishing security measures
- Back up data using the 3-2-1 method: three copies of data, two backup copies in different storage media, and one storage located offsite
- Incorporate the Principle of Least Privilege
- Do a risk assessment every two to three years
WhatsApp’s new incredible security feature protects all app users from encountering the same data security breach that Jeff Bezos suffered in 2018. It aims to prevent the same thing from happening to another user while building back the app’s security reputation.
Still, the wisest thing to do, especially if you run a business or hold important data on your device, is to implement additional security measures.
FraudWatch is a digital brand protection company protecting client brands worldwide since 2003. We are leaders in online brand protection against phishing, malware, social media and mobile apps impersonation. We will take care of your brand’s fully managed threat hunting, intelligence, detection and takedown of threats outside your perimeter. Avoid brand abuse and other cyberattacks with FraudWatch. Get in touch with us today!