WhatsApp has become the hub of communications, both personal and business, for many people around the world. It is legitimate for users to be concerned about the actual degree of privacy guaranteed by this application, but how do things really stand? Do we really need to worry about someone spying on our smartphones and reading our WhatsApp conversations? Let's try to find out together.
Below you will find a list of the main threats that WhatsApp users can encounter, the situations in which they are most likely to encounter them, and a series of tips - I hope useful - on how to identify and eradicate any spying activity carried out on their mobile phones. Remember: we must not be paranoid, but it is right, indeed quite right, to learn about the potential risks you run and to equip yourself to adequately protect your privacy. This is not only valid for WhatsApp: it applies to all the activities we carry out in our lives, both online and offline. Enjoy the read!
Caution: spying on the communications of others is a serious violation of privacy and in some cases a crime punishable by law. This article has been written for illustrative purposes only, therefore I do not take any responsibility for the use that will be made of the information contained therein.
WhatsApp Web and privacy issues
WhatsApp Web is a very useful feature, but it hides some potential pitfalls that you should be aware of. As is widely known (and as I also explained in my tutorial on how to use WhatsApp Web), this service allows you to use WhatsApp from your computer simply by scanning a QR code with your smartphone. If you put a check mark next to the Stay connected option, subsequent accesses to WhatsApp Web become automatic and scanning the QR code is no longer required (provided you connect from the same browser without deleting cookies). So far, so good.
The problem arises from the fact that, in order to work, WhatsApp Web does not require the smartphone and the PC to be close together. The mobile phone can also be kept away from the computer, connected to the 3G / LTE network of your operator, as long as the device is switched on and connected to the network, and this represents a potential risk.
An attacker, in fact, could take advantage of our moment of inattention to take our smartphone and log in to WhatsApp Web in order to remotely access all our conversations.
Fortunately, there is a way to protect yourself: just enable a biometric unlock method on your device, such as face or fingerprint recognition. In this case, in addition to protecting access to your smartphone, you also block any unauthorized connection to WhatsApp Web / Desktop, since every connection attempt must be confirmed by the device owner.
There is also an easy way to discover WhatsApp Web intrusions and stop them, but it's good to be aware of this potential risk. To discover any intrusions in WhatsApp Web, open WhatsApp on the smartphone, press the (...) button (or Settings on iPhone) and go to the WhatsApp Web section, where all currently active WhatsApp Web sessions are listed. If there is any suspicious activity, just press the Log out of all computers button and automatic access to WhatsApp Web is disabled for all PCs (including that of any "spy").
Spy applications and other potential risks
Have you ever heard of social engineering? This is the technique by which an attacker, playing on your good faith, could obtain physical access to your smartphone and carry out a plan to read your WhatsApp conversations (or carry out other operations detrimental to your privacy).
After obtaining physical access to your smartphone, perhaps unlocked (therefore without a PIN to enter), an attacker could tamper with the system and secure continuous access to your communications. How? Unfortunately, there are several ways to do this.
One of the most "popular" techniques of the moment is the one that involves the installation of spy apps that secretly monitor all the activities carried out on the mobile phone and report them to the "spy" on duty. I also told you about it in my post on how to spy on a cellphone, remember?
Another rather concrete risk is the cloning of WhatsApp by modifying the MAC address. The MAC address, if you have never heard of it, is a 12-digit code that uniquely identifies every device capable of connecting to the Internet (such as smartphones). Well, an attacker could use applications to change the MAC address of their mobile phone (e.g. MAC Address Ghost and BusyBox on Android and SpoofMAC on iPhone), make it look like that of your smartphone and activate a "cloned" copy of WhatsApp using your phone number. Fortunately, this is a fairly difficult technique to carry out, as it requires prolonged access to the victim's smartphone (first to find out the MAC address and then to receive the SMS with the WhatsApp verification code), but it is certainly good to know that it exists.
Regarding remote espionage activities - those that involve the so-called sniffing of a wireless network - if you do not use public wireless networks you can rest fairly easy. In fact, since the end of 2014, WhatsApp has been using end-to-end encryption, which makes messages unreadable for everyone except the legitimate senders and recipients, and this should ensure the security of communications.
Unfortunately, the adoption of the encryption technology is going a bit slowly. At the time of writing it is only available on Android, but it should gradually arrive on iOS and Windows Phone as well. There remains the problem of the closed-source nature of WhatsApp: we cannot analyze the application code thoroughly and therefore we cannot know whether the end-to-end encryption is implemented perfectly, but on this front there is absolutely nothing we can do. The only solution would be to turn to alternative applications, such as Signal, which is open source and uses the same encryption system used by WhatsApp.
How to protect yourself
Are you afraid that your mobile phone is under control and that someone is spying on the messages you write on WhatsApp? Here are some tips that could help you identify the threat and eradicate it.
Unfortunately, detecting spy apps is not easy. Many of them, in fact, hide and show no sign of their presence on the smartphone. To find them you have to proceed by trial and error and, above all, you have to learn to recognize some warning signs that could signal their presence.
- If the battery life of your smartphone has dropped dramatically and you have not installed applications that could be the culprits, you may be dealing with a "spy" app.
- If for a few days the phone has seemed slower than usual and you have not installed any apps or updates on it, there may be a spy application at the root of the problem.
- If the smartphone becomes very hot for no apparent reason, there may be some spy apps running.
Let me be clear, the "symptoms" that I have just listed are not exclusively related to spy applications, they can also manifest themselves following the use of "legitimate" applications that strain the phone or due to hardware problems.
Having said that, here are some simple steps you can take to try to "hunt down" spy applications.
- If you use an Android smartphone, go to the menu that lists all the apps with permission to administer the phone (Settings > Security > Device administrators) and check whether it contains any suspicious applications, i.e. ones that you have not installed or authorized yourself. If you find any suspicious names, uncheck them and delete the relevant app from Android's Settings > Apps > All menu.
- If you use a rooted Android smartphone, open the Superuser or SuperSU application and check that there are no suspicious apps among those that have root permissions. If you find any suspicious apps, disable them and uninstall them from your smartphone via the Settings > Apps > All menu.
- If you use an iPhone, go to the menu Settings > General > Storage and iCloud Usage > Manage Storage (under Storage) and check that there are no suspicious apps in the list of apps installed on the device. If you find a "strange" name, immediately delete the application by tapping on its icon and pressing the Delete app button in the screen that opens.
- If you have a jailbroken iPhone, try typing the code *12345 in the dialing screen and try to connect to the addresses localhost:8888 and localhost:4444 from Safari. Some iPhone spy apps use these codes to reveal themselves and allow their settings to be changed. If you find that you are being spied on by one of them, open Cydia and remove the relevant packages from your phone.
If you have not been able to detect any suspicious app but still fear that your phone is being monitored, I'm sorry, but all you can do is reset the smartphone and restore it to the factory state (erasing all the data on it). If you don't know how to do this, read my tutorial on how to reset the phone.
The other tips I can give you are simple common sense (which, however, we often forget to follow!). A few examples? Use an unlock PIN that is hard to guess, avoid connecting to public Wi-Fi networks (where "spies" often focus their activities) and don't leave your smartphone unattended in public places.