Whats App Security Guidelines

Information Security Education and Awareness (ISEA)

Project Phase-II

Introduction • WhatsApp Messenger is a FREE

messaging app

• Available in Android, IOS and many other smartphones.

• WhatsApp uses your phone’s Internet connection (4G/3G/2G/EDGE or Wi-Fi, as available)

• Most of us switched from SMS to WhatsApp to send and receive messages, calls, photos, videos, documents, and Voice Messages.

Security by Default provided by the App • End-to-End encryption

WhatsApp's end-to-end encryption ensures only you and the person you are communicating with can read what is been sent, and nobody in between, not even WhatsApp.

• Added protection

Every message you send has its own unique lock and key

Go to Settings-->Account-->Security

Threats to WhatsApp

Few security threats you need to know about. 1. Web Malware

2. Unencrypted Backups

3. Data Sharing between Facebook and Whatsapp

4. Crash Notifications

5. Snooping on other Whatsapp User messages

1. Web Malware

• Malicious cybercriminals are looking to exploit the popular messaging app.

• With the launch of a web interface and desktop application hackers were quick to pounce with fake WhatsApp websites and applications that stole data and distributed malware.

Few tricks used by hackers • Hackers masqueraded WhatsApp

Desktop applications.

• Created websites pretending to offer access to WhatsApp Web.

Tip: Although WhatsApp does offer a client for both windows and mac, the safest option is to go directly to the source at https://web.whatsapp.com/

https://web.whatsapp.com/

2.Unencrypted Backups • The backups that WhatsApp create contain

the decrypted messages on your device. • The backup itself is not encrypted • Vulnerable as there is no ability to change

your backup location No end-to-end security in the case of an backup and legal agencies can access with a warrant. Tip: It is always better to avoid abusing, bullying through Whatsapp messages and do not forward hoax calls and other threat messages

• Both Facebook and WhatsApp got together and part of its deal include data sharing from WhatsApp to Facebook. Information like the last time you used WhatsApp and your registered phone number is part of this data sharing between the Facebook/WhatsApp families.

•

• Tip: Turn off data sharing options on your WhatsApp.

3. Data Sharing between Facebook and Whatsapp

• Facebook and WhatsApp deal include data sharing from WhatsApp to Facebook.

• Information like the last time you used WhatsApp and your registered phone number is part of this data sharing between the Facebook/WhatsApp families.

Tip: Turn off data sharing options on your WhatsApp.

4. Crash Notifications • WhatsApp users discovered that they

could crash the target’s WhatsApp messenger installed on the cell phone.

• For this, send a message that is more than 7MB.

• When target person tries to open the thread whatapp will crash.

• The target can regain control by deleting the thread.

• Malicious people achieve the same thing by sending a message that is lesser than 2KB and it must contain special characters.

5. Snooping on other Whatsapp User messages • Xnspy, is a monitoring software, which

allows users to access target’s WhatsApp messenger to all chats, photos and videos exchanged, and call logs.

Tip: The best way to prevent a stranger accessing your WhatsApp is by making sure you never leave your phone lying around, or with someone whom you do not trust. It is better to install a tracking software or get a your phone’s Mac address.

Behavioural Tips for All

1. Always be courteous in replying after reading messages.

2. Show patience for receiving photos after the party/vacation

3. Avoid making fuss over others online behaviour

4. Make Appropriate Use of Emojis

5. Be clear in both words and approach

6. Avoid spreading fake news

7. Avoid getting into multiple

topics at one go

8. Do not argue over silly matters

9. Never begin a topic that would

hurt religious or cultural

sentiments.

10. Don’t spam with unnecessary

chains and forward messages

11. Control what you see and with

whom you interact

12. Control what you share

Tools On WhatsApp, there are some basic controls that you can adjust as you see fit to help you protect yourself:

1. Control who sees your information You can set your last seen, profile photo and/or status to the following options:

• Everyone: Your last seen, profile photo and/or status will be available to all WhatsApp users.

• My Contacts: Your last seen, profile photo and/or status will be available to your contacts from your address book only.

• Nobody: Your last seen, profile photo and/or status will not be available to anyone.

Read Receipts are always sent for group chats, even if you turn off the option in your privacy settings.

2. Configuring your privacy settings in Android Phones

• By default, WhatsApp sets your privacy settings to allow:

• Any WhatsApp user to see your read reciepts, last seen, about and profile photo.

• Your contacts to see your status updates.

To change these settings, simply go to WhatsApp > Menu Button > Settings > Account > Privacy.

3. Configuring your privacy settings in IOS based mobiles

• By default, WhatsApp sets your privacy settings to allow:

• Any WhatsApp user to see your read reciepts, last seen, about and profile photo.

• Your contacts to see your status updates.

To change these settings, simply go to WhatsApp > Settings > Account > Privacy.

Note: • If you do not share your last seen, you

won't be able to see other people's last seen.

• There is no way to hide when you are online or typing.

• If you turn off read receipts, you won't be able to see read receipts from other people. Read receipts are always sent for group chats.

• If a contact has disabled read receipts, you will not be able to see that they have viewed your status update.

Using Status Go to the Status screen. Tap the Menu Button > Status privacy. Choose who can see your status updates. Note: Changes to your privacy settings won't affect status updates that you have already sent.

Changing your status privacy Your status updates cannot be seen by people whose numbers are not saved in your phone's address book. You can choose to share your status updates with all of your contacts, or with selected contacts only. By default, your status updates are set to be shared with all your contacts. To change your status privacy: Go to the Status screen. Tap Privacy on the top left of your screen. Choose who can see your status updates. Note: Changes to your privacy settings won't affect status updates that you have already sent.

To forward your status update to a chat: 1. Go to the Status screen. 2. Tap the three dots next to My Status. 3. Select the status updates you wish to

forward, then tap Forward. 4. Choose from Frequently Contacted,

Recent Chats or use the Search bar to look for a contact or group, then tap Forward.

Manually deleting your status update Status updates automatically disappear after 24 hours. You can also manually delete your status update, which removes it from your contacts' phones. To manually delete your status update: 1. Go to the Status screen. 2. Tap the three dots next to My Status. 3. Long press on the status update you

wish to delete. 4. Tap Delete.

Muting a status update You can mute the status updates of a particular contact so they won't appear at the top of the status list anymore Muting a status update You can mute the status updates of a particular contact so they won't appear at the top of the status list anymore. To mute a status update: 1. Go to the Status screen. 2. Long Press on your contact's status

update you wish to mute. 3. Tap Mute.

To unmute a status update: 1. Go to the Status screen. 2. Scroll down to see the Muted

statuses. 3. Long press the contact you wish to

unmute 4. Tap Unmute.

To block a contact 1. Open WhatsApp. 2. Open the Application Menu (Swipe

down from the top of the screen). 3. Tap Settings > Privacy Settings >

Blocked Contacts. This page displays all contacts that you have blocked.

4. Tap Add Contact icon at top right of the screen to select a contact to block.