Even though WhatsApp is one of the most popular messaging solutions around, it is far from the most secure. Recent news stories indicate that WhatsApp has become a popular target for all manner of cyber predators, including data thieves, hackers, blackmailers, and fraudsters.
Not surprisingly, a lot of users would like to know how to make WhatsApp more secure. In particular, they would like to know how to encrypt the messaging solution to keep unwanted visitors from getting access to their data.
Fortunately, WhatsApp Inc. and its parent Facebook Inc. (NASDAQ: FB) have responded to this problem by implementing end to end encryption with the help of a software called TextSecure in November 2014. End to end encryption means that all WhatsApp messages have at least some security protection.
How End to End Encryption Works
The new security measures mean that all WhatsApp messages are encrypted. Basically, the message is encrypted on your phone when you send it and decrypted by the recipient’s device.
The use of TextSecure actually makes WhatsApp more secure than Apple’s iMessage, Wired reported. Unfortunately, news reports indicate that end to end encryption for WhatsApp is not yet available on the iPhone; instead, it is currently only available on Android phones. The media did not say whether it is available for Windows phones either.
Messaging systems that utilize end to end encryption are harder to break because the data need to decrypt the messages is only found on users phones, The Guardian reported. That information is also stored on WhatsApp and Facebook’s servers, so it could presumably be stolen by hackers.
The good news is that end to end encryption is free for all WhatsApp users and is automatically turned on whenever you use WhatsApp over an Android device or the Google Chrome browser. That means average people do not need to take extra measures to utilize it.
Some Governments Hate WhatsApp
Even though it is free and impressive, the end to end encryption on WhatsApp is far from perfect. Since WhatsApp is utilized by several hundred million users worldwide, it is targeted by everybody from individual hackers to intelligence agencies. .
The encryption is controversial; there are even news reports from the United Kingdom that indicate Prime Minister David Cameron would like to ban all encrypted messaging apps. Law enforcement and spy agencies hate end to end encryption because it allows criminals and terrorists to send messages they cannot intercept.
Fortunately for British subjects, the laws of the European Union make it illegal for governments to ban encryption. Both the European Convention on human rights and the United States Constitution guarantee an individual’s right to privacy, which makes it illegal for the government to ban encryption.
One reason why Cameron wants to ban WhatsApp is the high level of encryption, which makes it very hard for British police to crack messages. The service has a high level of security because one of its founders, Jan Koum, grew up in the Soviet Union, where Communist secret police spied on everybody. When he set up a messaging system, Koum wanted to try to help maintain privacy.
WhatsApp Security Flaws
There are some real and potential security flaws to WhatsApp. A big one is that malware downloaded to your phone can get access to your encryption. Malware can get access to your messages and other data and send them to the bad guys.
Many hackers use phishing scams, which try to entice users to open Trojan messages that contain malware or malicious links. Popular variations of this tactic include messages that claim to offer you a job or ask you to claim your prize. Others might be from somebody that claims to be romantically interested in you.
There are also some that even claim to be from a friend. If a hacker cracks somebody else’s phone, he can get access to that person’s contacts and send all of them phishing messages. The messages will appear to come from a friend, coworker, relative, or loved one and might even mimic that person’s writing style.
WhatsApp Web, which allows people to access their messages via computers, may not be as secure as WhatsApp over the phones. The Telegraph reported that it is fairly easy for hackers to insert malicious code into WhatsApp Web if they can learn somebody’s phone number.
Some of the code included ransomware, which takes over your computer and forces you to pay money in order to access your own data. The ransomware was sent out via a vCard.
WhatsApp has offered an update to WhatsApp Web that can help block this malicious code. Users can get it by simply downloading and adopting the latest version of WhatsApp Web.
This means that it might be a good idea for WhatsApp Users not to access via desktop or laptop computers with WhatsApp Web. It might not be as secure as the regular service is.
Additional WhatsApp Encryption and Security
News stories indicate that there could be other security flaws to WhatsApp, so users may need to take some other precautions.
You can add an additional level of encryption to WhatsApp by adopting one of the many free message encryption apps available from Google Play. The best include TextSecure Private, VIPole Secure, Vault-Hide SMS, Seecrypt, LOXApp Lock, and Open Keychain. Some of these may also be available at the App Store and the Windows Store as well.
It would also be a good idea to add a smartphone security and antivirus app to your phone. There are many excellent free security apps for Android phones available at Google Play, including McAfee, Smartphone Security from DreamWeb, Trustgo Team, Antivirus, and Lookout Security, Avira, and Antivirus. The best are apparently CM Security Antivirus, Area Smartphone from Smart Ester World, and Kasperky Internet from Kasperky Lab.
Running two or more different security applications can provide an added layer of protection. You should download a security app and try to run it on a regular basis, usually once a week, because you never know when malware is on your phone. Something to remember is that malware is targeting your phone and your WhatsApp right now and will keep trying until it gets in. Hackers never give up and never should you.