How to know if WhatsApp is hacked?
A new collaboration project between WhatsApp and Cloudflare has started, aimed at improving user security by helping validate the authenticity of the desktop browser apps for the WhatsApp messaging service. The project is called Code Verify, and it will notify users if the WhatsApp code that’s being served to the browser cannot be verified.
If there’s a validation issue, the user will be notified automatically that the integrity of the web app cannot be verified and that they shouldn’t keep using it. At the moment, Code Verify is available as a Chrome and Microsoft Edge browser extension, and Meta (the owner of WhatsApp) has stated that it plans on developing a similar extension for Firefox as well.
The reasoning behind the introduction of this new feature, according to the Meta statement, is that, in the past year, a significant increase has been noticed in the number of people who access WhatsApp primarily through their web browsers. Using WhatsApp through the browser, while still secure, doesn’t offer the same levels of protection compared to using WhatsApp through a dedicated app. The goal of Code Verify is to enhance the protection of those users, who choose to access the service directly through their browsers.
Can WhatsApp be hacked?
The Code Verify browser extensions run the WhatsApp code of the browser through Cloudflare, as a third-party auditor. Cloudflare compares the local hash of the WhatsApp browser client code to the cryptographic hash of the WhatsApp JavaScript code that’s shared by Facebook (Meta) to determine if the two match. If a mismatch is detected, this means that the user’s WhatsApp cannot be verified and might be hacked, in which case the user would receive a warning from Code Verify.
According to Facebook, Code Verify has been programmed to be flexible and adapt to any changes in the code for WhatsApp Web, so that the code comparisons are always accurate and don’t trigger any false warnings.
WhatsApp developers have also stated that the new security feature will not have access and will not read the messages that users send or receive, and it also won’t know if the user has actually downloaded the extension. No data, metadata, or user data will be logged by Code Verify and no information will be shared with WhatsApp.
In a statement by Cloudflare, the company’s developers said that the idea of applying such security measures to verify an app isn’t new. However, what’s new here is automating the process, deploying it on a large scale, and ensuring that it functions on its own.
Leave a Comment