WhatsApp is a cross-platform application used by millions of users. Many subscribers are concerned about the security and protection of their personal data when working in the messenger. The developers pay attention to the fact that WhatsApp security is at a fairly high level.
Messenger security
The first thing you should pay attention to is the terms of service on WhatsApp. The developers have prescribed such points as the protection of personal data, the prohibition of insults and threats during correspondence.
The tools offered to ensure security are also important. For example, here you can set parameters that limit access to the user’s profile (his status, photo, time of last visit to the application).
Messenger subscribers are given the opportunity to change notification settings by turning off read notifications for messages sent to another contact.
Encryption
In WhatsApp, encryption allows you to ensure the confidentiality of correspondence. At the beginning of its history, developers used the XMPP channel. Messages were transmitted over an unsecured path and could be easily traced. In 2012, the developers tried to correct the situation. Then the correspondence became quite secure and they tried to hide it as much as possible from outsiders.
However, at the end of the same year, another vulnerability was found in the application. Through it, it was possible to hack the correspondence of any user and read it. The developers quickly dealt with the problem and released a new version of the messenger, in which protection was given special importance.
From time to time, bloggers' messages about WhatsApp vulnerabilities appear on the Internet. For example, one Dutch student noted that he could even read encrypted messages in the messenger. This is due to the encryption process itself, which uses the same phrase. But the security problem arises mainly when using public points wireless access to the network.
Despite such messages, the developers themselves state that the security of the application increases with every new version. The confidentiality of correspondence is also guaranteed by the fact that messages are stored on users’ devices and not on servers. Therefore, only senders and recipients have access to chat history.
The trend towards secure communications that began with text messages has also affected “voice”. In 2016, WhatsApp, Viber and ICQ announced the use of end-to-end encryption in voice calls. To provide secure calls, the Signal messenger was launched in 2014. Also two years ago, the presence of encryption in the FaceTime service was announced in.
One of the once popular solutions in this area, Skype, introduced voice protection back in the late 2000s, which upset Western intelligence agencies.
However, as the editor of MForum Analytics, an expert in the field of telecommunications, notes in a conversation with Gazeta.Ru, the transition of subscribers to IP telephony and video communication is caused primarily by ease of use and price. In fact, a client of a particular operator only needs to pay for an Internet traffic package, which is increasingly unlimited.
The speaker admits that privacy is important for a certain percentage of users, but certainly not for the majority. The same opinion was expressed in a conversation with Gazeta.Ru by the general director of the information and analytical agency TelecomDaily. In his opinion,
the number of subscribers switching to service solutions due to concerns about confidentiality does not exceed 10%.
In general, market experts agree that Internet services do provide a higher level of confidentiality of conversations than regular mobile communications.
Let us recall that operators, according to Russian law, are required to install SORM-1 on their networks, which allows law enforcement agencies to gain access to any conversation. In 2014, the authorities became concerned about the data transmitted on the network, obliging providers to install the so-called SORM-3. Thanks to the system, the conversation, which is information in digital format, remains with the operator. However, due to coding, understanding this data packet, how and what exactly the user said, and at what moment he looked at pictures with cats, remains a difficult task for law enforcement officers.
“At the same time, one should not overestimate the security of international instant messengers; it is not 100%, and the intelligence services of various countries probably have the notorious “keys” to some services,” warns Boyko.
Annoying privacy
The founder of the Internet Protection Society, Leonid, told Gazeta.Ru that he had not encountered specific cases of wiretapping of voice calls in Skype, Viber or WhatsApp.
According to him, people who pay increased attention to privacy prefer FaceTime. But he found it difficult to answer what exactly caused this choice: taste preferences or really powerful protection the service itself.
Turkish President Recep Tayyip Erdogan on CNN via FaceTime
Volkov also said that theoretically, instant messengers with call support cannot be considered completely safe, but there is a long way to go from theoretical vulnerability to practical interceptions.
“First of all, because there are much simpler ways to obtain information: plant a Trojan that will record the “voice” on the device,” explains the IT specialist.
The publication’s interlocutor believes that this method is several times more effective and cheaper. An expert from ESET Russia also warned about installing malicious software on a user’s device in a conversation with Gazeta.Ru.
At the same time, in his opinion, data transmitted via the Internet is easier to intercept than in operator networks.
“There are many possible connection points: in local network, via public Wi-Fi, from providers, etc. You don't need expensive equipment for this - just regular computer or a tablet with hacker software,” the speaker noted.
But if strong encryption is used, then even after intercepting the traffic, the attacker will not be able to “listen” to it, continues Zheleznyakov.
The inability of intelligence agencies to reach the contents of calls organized using an Internet connection can be an irritation for the authorities. Kuskov called the lack of SORM in communication services a problem from the government’s point of view.
The analyst predicts that in the future there will be “fights” between legislators together with the owners of instant messengers to establish “cooperation.”
The speaker is not sure whether the adoption of the “Yarovaya package” can be considered an attempt to subordinate the secret services to Skype, Viber and WhatsApp, since it is still unclear how the law will work and what information is needed on it. The agency itself said last week that the document does not require mandatory certification of encryption tools on the Internet.
Volkov even called the “Yarovaya package” nonsense. “Even more traffic will be written and stored on it, and, therefore, it will be even more difficult to find anything valuable in it,” the expert added.
Difficult to predict future
The enormous growth in popularity of applications that support voice calls around the world is due, as in other cases with innovative products, to the development of gadgets and high-speed mobile internet(3G and LTE).
After Russian operators switched to a package model for providing their classic services, savings from calls via Skype or Viber began to disappear. But thanks to the ubiquity of smartphones and Wi-Fi connections, it remains comfortable to use applications and the ability to make calls without unnecessary difficulties when traveling to other countries.
One of the latest trends in the market has been the active distribution of video content. The phenomenon has not spared the segment of Internet communication services. Thus, according to ICQ, almost 59% of calling users communicate via video conference.
Boyko and Kuskov believe that in Russia it is difficult to predict the future not only of “voice” services, but also of any other telecom products.
“We have too high a probability of political decisions that could affect this market,” predicts an MForum analyst.
But the speaker reassures: if force majeure does not arise, then there is no doubt about the further growth in popularity of various international messengers due to their global nature and ease of implementation.
In the coming year, the authorities may develop amendments to the Law “On Communications” that will regulate the activities of Internet services. In particular, the head of .
Telecom corporations may also be interested in preparing legal regulations that will affect the operation of voice calls on the network.
“Russian telecom operators have few levers that would allow them to retain voice and SMS subscribers. If they don’t use their lobby to get market regulators to directly ban the actions of competitors, then they have little chance,” Boyko said.
At the same time, companies have the opportunity to work in cooperation with services, receiving a share of revenue from them in exchange for network settings, the expert added.
Manipulations with channel capacity and data transfer speeds can, on the contrary, become an attempt at blackmail on the part of operators, Kuskov believes. But one company, according to the analyst, will not be able to change the situation, and if the operators collude, it will join in.
WhatsApp is the most popular messenger today for free messaging between smartphone users. The program exists for various platforms: iOS, Android, Windows, Blackberry and even the now defunct Symbian. The program was created in 2009 by Jan Koum and Brian Acton. In 2014, it was bought by Facebook for $19 billion. But this is, so to speak, the background story. I will teach you how to read other people's WhatsApp messages for free without downloading third party programs, as well as registration without SMS))) The method is based on social engineering and does not use any third-party or malicious software.
Hack WhatsApp
In March 2014, programmer Bas Boschert published instructions for hacking WhatsApp correspondence. Its essence was that the program installed on Android device stores a database of correspondence in open form, later the creators encrypted this data, but it was also easy to decrypt. Considering the popularity of this program, there is no doubt that there will be many who want to gain access to the account and read other people’s correspondence.
Addition regarding enabling encryption in WhatsApp
In April 2016, Jan Koum announced that messages from all WhatsApp users, as well as group chats, are now encrypted using the " end-to-end encryption", i.e. messages and voice calls of users cannot be intercepted by third parties (hackers, criminals, security forces, intelligence, etc.) This is of course all great, but WhatsApp has gone the way of Telegram. I think the catalyst for this decision was the precedent with Apple, which the FBI forced iPhone hacking terrorists from San Bernardino.
A way to read someone else's correspondence, which is listed on this page is based on the method of social engineering and it does not matter here whether encryption is enabled in WhatsApp or not. Encryption protects against eavesdropping, but not when there is direct access to phone. Therefore, to protect your WhatsApp account from hacking, always set a password for it (for unlocking or for launching a specific application).
To enable encryption in WhatsApp you don't need to do anything special. Update your program to the latest version. In order for a conversation between two subscribers to be encrypted, both interlocutors must have the latest version WhatsApp.
I wrote separately about encryption.
My instructions for hacking WhatsApp
This is not even WhatsApp hacking in its usual sense. Hacking involves the use of third-party programs, viruses, Trojans, etc. I'll just teach you how to read other people's correspondence. To do this, the developers themselves released such a function as a web version. With certain settings, it can be used for your own selfish purposes. Access to the victim's phone is required, at least for 30-60 seconds.
1. The first thing we need is to open our personal PC and go to the page https://web.whatsapp.com/ There must be a “stay logged in” checkbox.
2. The second is the phone, the correspondence from which you need to read. Open WhatsApp, go to the menu and select the item WhatsApp Web. It is in this place that you need those very 30-60 seconds during which you need to have time to scan the QR code on the computer screen with your smartphone camera. The code changes every minute, so there is little time to think about it.
3 On the computer, the same chats with correspondence open in the browser as on the phone. You can also send messages and read them in real time.
The victim, whose correspondence is now available for you to read, will not even know about it unless you tell about it yourself. If you go to the WhatsApp Web menu on your phone again, you will see that a session is open on your computer. I can say with confidence that this information will not say anything to 99% of users and no one will guess that someone else is reading his correspondence.
Important! Access to your WhatsApp account, and therefore reading correspondence, is only possible when the smartphone itself is connected to the Internet. If it is offline, there is no synchronization between your phone and computer.
This information was written by me purely for informational purposes. Take care of your phones or put a password on them, like I do.
To protect your Android smartphone from hacking, which is described above, I recommend installing . With its help, you can set a password to launch any application; WhatsApp, for example, will not start until you enter the correct password.
How to start a WhatsApp Web session on your phone
Good news, comrades! Finally, it is possible to launch a WhatsApp Web session on your phone. If earlier, when you tried to open the code scanning page in a mobile browser, you were automatically thrown into the application, but now it is possible to bypass this limitation. How?
Download the application called Whatscan for Whatsweb from PlayMarket or AppStore. Launch it and you will see the usual window for scanning the QR code. The application takes on the role of a browser on a computer. By scanning this code from the “victim’s” phone, you will be able to read her messages without being tied to a computer, i.e. directly from the screen of your smartphone.
How well the application works, write in the reviews. For now, this is the only way to read another person’s WhatsApp messages from your phone.
How to find out passwords for email and pages on social networks VK and OK.
If you want to go even further and find out other people’s passwords for VKontakte, Odnoklassniki, mail accounts, etc. look . The method is 100% working and tested. We read carefully and strictly follow the instructions. We ask questions ONLY after reading.
Checking cheating using GetContact
The new GetContact app at the end of February is literally “. By installing a small program on your phone, you can search for information about numbers you are unfamiliar with from a common database, which is replenished by users just like you. The original idea of the program was to fight spam. But if in analogues users themselves mark this or that number as spam, GetContact, without asking, pumps out the ENTIRE phone book into a common database that EVERYONE can see. When you enter a number, you see how it is written in different people’s phone books. For example like this:
But what if a man is registered under female name? Or is the woman registered as a man? A reason to think. Find out how to remove yourself from the GetContact database.
Four tips to follow for anyone concerned about personal data leaks.
But before you start spreading your plans to overthrow global capitalism via WhatsApp, keep in mind that intercepting messages while they are in transit is just one way to spy on you, and a rather unlikely one. Encryption itself isn't much use unless you also follow the rules below.
You don't save messages on your phone
If you really want no one to read your messages except you, delete them immediately after reading them. If someone gets a hold of your phone (steals it, for example) and is able to unlock it—as the FBI most recently did with the San Bernardino shooter's iPhone—they will have access to everything stored in memory. Some instant messengers, for example, have a “self-destruct” function, when activated, messages are automatically deleted after a specified period of time. WhatsApp does not have such a feature yet. (On the other hand, in Telegram end-to-end encryption does not work by default; you need to enable it specifically.)
You are not saving messages to the cloud
WhatsApp does not save your conversations on its servers. But, for example, you can save backup copy messages on iCloud, cloud service. Once information reaches the cloud, it can be intercepted by the government.
Signal is an app popular among privacy advocates. It uses the same encryption technology as WhatsApp and does not back up to the cloud.
Way to go WhatsApp, but I"m not ready to give up Signal. I fear that many of my WhatsApp friends have enabled unencrypted cloud backups.
Christopher Soghoian (@csoghoian) April 5, 2016
Great job WhatsApp, but I'm not ready to give up Signal just yet. I suspect that many of my WhatsApp friends have cloud copy enabled.
Christopher Soghoian (@csoghoian)
And hopefully it goes without saying that taking a screenshot of messages you've deleted also puts you at risk if enabled backup photos or you will lose your phone.
Nobody's looking at your screen
If someone can see the screen of your phone with correspondence, then there is no point in encrypting it. Plus, given the proliferation of phones with powerful cameras, the only way to completely protect yourself from this is to move away from all possible lines of sight and avoid being near any reflective surfaces, including glasses and perhaps even your eyes themselves. So, perhaps, it is best to correspond in a room without windows, with your back against the wall.
Claims that all encrypted instant messengers are vulnerable, and especially Whatsapp. The material caused a lot of noise, but is it really so sad? Internet security expert company Open Whisper Systems claims that nothing new was written in The Guardian and that they attacked WhatsApp in vain.
Last spring, Whatsapp released the biggest update in its history - the addition of a force end-to-end encryption feature, which essentially means that no one, including Whatsapp, can read your correspondence. Yesterday's investigation by The Guardian presents the opinion of an expert who claims that Whatsapp deliberately left a “backdoor” in its code for possible interception of messages by intelligence agencies and other interested parties. The Whatsapp developers themselves claim that this is not at all true, and that the potentially unsafe behavior of their application is nothing more than making life easier for their many users.
Safety Whatsapp correspondence was developed with the help of Open Whisper Systems, the same company that developed the most secure messenger in the world - Signal, and in its blog the company describes in detail how everything works. WhatsApp has implemented the Signal protocol (and it has also been implemented in the recent Google Allo), which issues each user two security keys: a public key by which other users can identify him and a personal private key that will be assigned to the device. As people change their phones and apps frequently, your security keychain will change accordingly. Users can ensure the privacy of their communications within Whatsapp by checking the security code on each device participating in the conversation - if the codes match, this will mean that there is no interception of messages between the interlocutors (this type of attack is called man-in-the-middle, MITM).
The Guardian is based on an investigation by Tobias Belter. He claims that the Whatsapp server can be hacked based on requests from third parties. That is, WhatsApp can generate new key security and give it to these same third parties until users notice that something has happened. In the Signal app messenger, any substitution of the security key results in the inability to send a message and a security warning, and all this happens before the user is about to forward the message again and independently. In Whatsapp, the user receives a notification about a key change, and the message will be automatically recoded to the new key and sent to the recipient. That is, only then will you be able to find out whether the new key actually matches your recipient. Despite the fact that this warning setting in your Whatsapp still needs to be enabled manually:
Open Whisper Systems explains this behavior of Whatsapp by the ideological simplicity of using the messenger. Also, Whatsapp servers do not know who has enabled the warning setting and who has not - so a hacking attempt can be quickly detected. In any case, Whatsapp “lawyers” insist that such a security policy can be called whatever you like, but it is not a vulnerability or a backdoor. This is a “feature”.
Many Western security experts agree with Open Whisper Systems' findings:
It’s ridiculous that this is presented as a backdoor. If you don’t verify keys, authenticity of keys is not guaranteed. Well known fact.
Frederic Jacobs (@FredericJacobs)
