Facebook

Is WhatsApp Safe to Use?

in Privacy
Is WhatsApp Safe to Use

Facebook’s messaging app WhatsApp has more than two billion users across the globe. With so many people using this app daily to send private messages, we should all ask ourselves: “Is WhatsApp safe to use?”

In this guide, we dive into the popular messaging app to gauge how trustworthy it is for individuals who care about privacy and security.

Is WhatsApp Safe?

is whatsapp safe

According to Facebook, WhatsApp’s end-to-end encryption ensures that only you and the recipient can read a message. Facebook states that it does not have access to the messages you send and receive.

When you first open WhatsApp on your phone, two keys are generated: a public and private key. The user keeps the private key while WhatsApp sends the public key to the receiver via a centralized server. When someone sends the user a message, the public key encrypts it and the user decrypts the message using the private key.

Simply put, every message you send and every call you make on WhatsApp is encrypted and inaccessible to third-parties. To confirm that this encryption exists, tap the profile of any contact and go to encryption. If you can, scan the code on your contact’s phone. On the other hand, you can manually compare your 60 digits to those of your contact to see if they match.

How Secure Is It Really?

While WhatsApp’s end-to-end encryption sounds good, it doesn’t guarantee 100 percent security.

Most people use WhatsApp to share sensitive and private information because they believe that the encryption keeps this data safe. However, this is not the case. 

According to a report by Bloomberg, a hacker can access the information you share via WhatsApp without having to decrypt the message. By gaining entry to your phone’s operating system, he or she can read every message you send or receive on WhatsApp.

“End-to-end encryption is a marketing device used by companies such as Facebook to lull consumers wary about cyber-surveillance into a false sense of security. Encryption is, of course, necessary, but it’s not a fail-safe way to secure communication,” wrote Leonid Bershidsky.

Moreover, if law enforcement believes that you are using WhatsApp to conduct illegal activities, it can access your information in several ways.

  • Firstly, they can read your messages if they have physical access to your phone.
  • Secondly, they can submit a court order or a search warrant to WhatsApp requesting the disclosure of your information.
  • Thirdly, should governments succeed in forcing tech companies to create backdoors to their encrypted apps, all your data and messages will be available to government agencies.

Threats to WhatsApp Users

In 2019, Pegasus spyware spied into the phones of 1,400 people by exploiting the WhatsApp video and audio calling features. The spyware infected target phones whether the phone owners received the calls or not. This makes spyware a huge threat to WhatsApp users because they can infect mobile phones without users taking any action.

The Pegasus cyberattack abused WhatsApp vulnerabilities, a sign to users that the app is not as secure as they think.

Furthermore, a flaw was discovered that makes links to WhatsApp group conversations available on search engines. Links to group chats were previously available on Google but Facebook made a change preventing this search engine from indexing such conversations. However, links to group chats are still available on other search engines. 

WhatsApp reported twelve vulnerabilities in 2019, a rise from one or two medium-category vulnerabilities reported in the past few years. Of the twelve vulnerabilities, seven were critical.

Can You Trust Facebook?

Facebook

Facebook does not have the best track record of protecting the data privacy of its users. In 2018, it emerged that Cambridge Analytica had harvested personal identifiable information of 87 million Facebook users. The harvested data is attributed to the success of Donald Trump’s 2016 presidential campaign and the pro-BREXIT campaign.

History has shown that Facebook has handled security and privacy matters horrendously. But does that mean that you should stop using WhatsApp?

Well, that depends on what you are using it for.

If you want to discuss sensitive matters with friends or family or exchange important business information, probably not. If you want to send someone a quick hello or make plans for coffee, you should be okay.

Should you decide to continue to use WhatsApp, here are several measures that you can take to stay safe:

  • To secure group chats, admins should reset the invite link to generate a new one. This measure is necessary if you shared the previous link publicly.
  • Do not back up your WhatsApp data to the cloud where the government or hackers could access it.
  • Enable two-factor authentication to add an extra layer of security. To do this, go to “Settings,” then click on “Account.” Next, tap “Two-step verification” and enable it.
  • Turn on security notifications to receive alerts when the security codes of your contacts change. To do this, go to “Settings” then tap “Account.” Select the “Security” option and turn on the button to “Show security notifications.”
  • Verify that the messages you are sending are encrypted by scanning the code on your contact’s phone or by checking that the 60 digits match those of your contact.
  • Install WhatsApp desktop instead of using WhatsApp web, which hackers could manipulate.
  • Review your privacy settings to check who can view your status, profile photo, live location, and about section. Also, you can turn off read receipts and control who can add you to groups. Go to “Settings>Account>Privacy to change these settings.
  • Only send non-sensitive media files because once you send them, they are out of your control.
  • Avoid clicking suspicious links shared to you on WhatsApp.

The Dark Web Journal does not recommend using WhatsApp for anything other than trivial conversation. If you need to exchange sensitive information, we recommend using the open-source messaging app Signal.

5 Ways Hackers Are Hacking Facebook

in Cybersecurity/Hacking
hacking facebook

Facebook is one of the largest social networks in the world, with over two billion accounts, making it a target for black hat hackers. Facebook also has a real name policy, meaning you have to use real information when setting up an account. If someone is hacking Facebook, there is a high probability that your personal information is compromised and can be used for other things. 

Discover the top five most common ways cybercriminals are trying to hack your Facebook account.

Phishing

You would think people have stopped falling for phishing attempts. However, that is not the case.

Phishing usually starts with an email sent to you from what looks like Facebook Support. The email asks you to log in to your account for some reason. The hacker has created a fake login page that looks very close to the original. That is where the email will direct you. Once you put in your login credentials, it saves them. Just like that, the hacker has your information. 

The best way to prevent this is not to click on unknown links and to check carefully whether emails you receive are real or not. Also, turn on phishing blockers on your browser.

Using a Keylogger

Keyloggers are much more rampant than most of the other strategies in this guide. A keylogger records all the keys pressed on a keyboard.

To hack a Facebook account password, hackers create a keylogger server that will run on the victim’s machine, capturing all keystrokes and emailing themselves the records. Keyloggers are spread through malicious websites, pen drives, and USB hard drives. 

A keylogger is particularly dangerous because it can steal sensitive information like bank credentials and other personal information. To learn how to detect a keylogger on your device, check out our guide here.

Plain Password Stealing

Plain password stealing is a common method for Facebook hacking. Therefore, it is important to be aware of this technique. 

facebook hacker

A hacker targets a poorly secured website and hacks their database to steal people’s plain usernames, passwords, and other personal data. That especially works on sites that allow users to sign up or sign in using their social media credentials. Also, most people use the same passwords across different websites, which means if hackers have access to one database, they have access to all your accounts, including Facebook.

To prevent this kind of hack, try not to sign up with your social media credentials on low-quality websites. Some of these sites just store your details in their database without even thinking about encryption or security. 

Another way to protect yourself is to set unique passwords. Do not use the password used on your Facebook account and any other meaningful site for another website/portal.

Corrupted Browser Extensions

This hack comes from downloading harmful browser extensions. You are often prompted to download some browser add-on when you visit malicious websites. Some of these add-ons were created by hackers to be able to control your computer or gain access to your data. Also, these browser add-ons can enable the hacker to perform actions like posting status updates on your wall or liking a Facebook page.

The way to protect yourself from this, do not trust any third party websites hinting that you add a browser extension. You should only install an add-on from the browser store, and only trusted publishers. Ensure you monitor activities on your Facebook account from time to time too, using the Activity Log.  

Social Engineering

Social engineering is information gathering on a person and using that information to gain access to the person’s account. Someone who knows enough about you may be able to get into your account by guessing your password.

A simple way to avoid almost all the hacking tactics listed here is to enable two-factor authentification on your Facebook account. If you set up two-factor authentication, Facebook would ask you to enter a special login code or confirm your login attempt each time anyone tries accessing your account from a computer that Facebook doesn’t recognize.

Go to Top