WhatsApp has launched a major security update as it unveils a new ‘lockdown’ mode.
This set of security features, known collectively as ‘Strict Account Settings’, is designed to protect users from advanced cyberattacks.
Once turned on, the feature will limit how your WhatsApp works in some ways, including blocking attachments and media from people you don’t know.
Accounts with lockdown mode activated will also automatically silence all incoming calls from people not in their contacts.
In addition to changing how other users can contact you, Strict Account Settings will alter how your account appears to other users.
With the settings activated, WhatsApp will restrict who can add you to a group, and block non–contacts from seeing your profile photo, ‘about’ details, and online status.
Meta, WhatsApp’s parent company, says that the feature will roll out gradually over the coming weeks.
Thankfully, the company reassures that the vast majority of users will never need to activate these new settings.
WhatsApp has launched a new ‘lockdown’ mode, known as strict account settings, that protects users from sophisticated cyber attacks
Will Cathcart, head of WhatsApp at Meta, said in a statement: ‘We’re always adding more layers of security on WhatsApp.
‘For the few users – like journalists, or public–facing figures – who may find themselves needing extreme protections against sophisticated and targeted cyber attacks, we’re rolling out a new feature called Strict Account Settings.’
Although WhatsApp provides end–to–end encryption by default, meaning no one but the receiver can read the message, that security isn’t enough for some individuals.
Certain types of ‘rare and sophisticated malware’ can be hidden inside innocuous file types like pictures, videos, and PDFs.
These files would look normal to the receiver, but secretly contain code that infects the target device to steal information or install tracking software.
Strict Account Settings are intended as a specific counter to these types of attacks by preventing high–risk users from receiving suspicious messages in the first place.
The most infamous use of such a sophisticated attack was the Pegasus malware, designed by Israeli cyber–arms company NSO Group and licensed to governments around the world.
This was designed to infect devices using ‘no–click’ methods, exploiting unpatched security vulnerabilities in the phone’s operating system.
Once turned on, the feature will limit how your WhatsApp works in some ways, including blocking attachments and media from people you don’t know, and silencing incoming calls from non–contacts
The software could be placed on a phone by calling that device or sending it a message, even if the user never answered the call or opened the attached file.
Once infected, devices were converted into surveillance systems, filming through the camera, listening through the microphone, and sharing the user’s exact location.
After the extent of Pegasus’s use was uncovered, Meta sued the NSO Group and received £121.3 million ($167.25 million) in damages.
More recently, WhatsApp announced that it had thwarted a similar spyware campaign targeting journalists and ‘civil society members’ using malware developed by Israeli spyware firm Paragon Solutions.
However, such attacks are extremely rare and are generally used by nation–state entities rather than run–of–the–mill cybercriminals.
Given that lockdown mode restricts your account functionality so thoroughly, Meta suggests that you probably shouldn’t use it.
WhatsApp says: ‘You should only turn this on if you think you may be a target of a sophisticated cyber campaign.
‘Most people are not targeted by such attacks.’
WhatsApp says that this is only meant for journalists or public facing individuals who might be targeted by extremely advance spyware campaigns, such as the infamous Pegasus malware created by spyware firm NSO Group (pictured)
But, if you believe you might need ‘extreme’ protection from sophisticated spyware campaigns, you can turn on lockdown mode with a few simple steps.
Open your WhatsApp app and head to settings, select the tab marked ‘Privacy’ and navigate to the ‘Advanced’ section, where you will find the option to toggle Strict Account Settings.
This update comes amid accusations that WhatsApp has failed to provide adequate security for its users.
The company is currently facing a lawsuit that alleges WhatsApp does not provide end–to–end encryption.
The suit, brought by a group of users based in countries such as Australia, Mexico, and South Africa, claims that Meta employees can request to view a user’s messages – bypassing end–to–end encryption.
Meta has hit back at the claims, calling the allegation ‘categorically false and absurd’.
The company added, in a statement given to PC Mag, that the lawsuit is ‘a frivolous work of fiction and we will pursue sanctions against plaintiffs’ counsel.’
How to sign up to The Mail’s WhatsApp Channel
Scan this QR code and you’ll be taken to a page to join the channel
If you are reading this on your mobile web browser or in our mobile apps then simply click on this invite link to get Daily Mail Channels.
If you are reading this on desktop you can use your phone to scan the QR code and you’ll be taken to a page to join the Channel.
If you can’t see Channels in WhatsApp on your device, try updating WhatsApp via your app store. You will then need to close WhatsApp and then open it again.
Once you’ve joined The Mail’s channel, make sure you tap the bell icon at the top of the screen to receive notifications. (You can always turn them off later).
Once you’ve joined The Mail’s channel, make sure you tap the bell icon at the top of the screen to receive notifications
