How To Secure WhatsApp From Being Hacked on iOS

WhatsApp is the most widespread messaging app on the planet right now. This also means that there is a considerable number of hacking attempts going on. Do you use WhatsApp on your iPhone and worry about your messages being hacked?

A security researcher, who goes under the nickname ‘thegrugq’, has posted a guide for secure WhatsApp messaging on iOS. The following is the essence of their guide for protecting WhatsApp from hacking.

The following is the essence of the guide for protecting WhatsApp from hacking.

WhatsApp Benefits

WhatsApp is incredibly widespread and easy to use, so you can message basically anyone using this app. Recently they have rolled out high quality encryption which is enabled by default. The encryption works on text messages, media and documents transferred via this app.

But not all is shiny in the kingdom of WhatsApp. Let’s look at some security problems with the app.

WhatsApp Weaknesses​

We divide WhatsApp weaknesses into two categories: weaknesses that can be exploited by a simple attacker, such as a family member or a small-time hacker; and weaknesses that can be exploited by powerful entities like corporations, governments and strong hacking teams.

Weaknesses exploitable by a “limited attacker”

  • WhatsApp might be configured to automatically back up all messages on the iCloud. The backup is stored in plain text (i.e. without encryption), so that if someone knows your iCloud username and password, they can access your messages. For example, a mobile monitoring app called mSpy can easily monitor WhatsApp messages if given your password.
  • WhatsApp automatically saves received images and videos in the Camera Roll, which is usually automatically backed up to iCloud. Even if your messages are not backed up to iCloud, your WhatsApp photos are accessible to anyone who knows your password!
  • WhatsApp has no application level passcode. If your “limited attacker” knows the passcode to your iPhone, they can simply read your messages while you’re taking a nap.
  • WhatsApp displays notifications when messages arrive. While the text of the message is not shown, sender’s name will be displayed even if you don’t necessarily want to make it available to the person, who is staring at your phone.
  • When you switch from using WhatsApp to another app or lock the screen while in WhatsApp, iOS by default captures the screen and saves it to disk. Even if you think that your super private message is deleted, your storage might contain a screen capture of it. Needless to say, this screen capture can be obtained using various data recovery tools.

Weaknesses exploitable by a “powerful attacker”

  • WhatsApp doesn’t have an automatic feature deletion and it needs to read your whole contact list for the app to work.
  • All WhatsApp metadata is available to Facebook, the owner of WhatsApp. Metadata is the information about your messaging, for example timestamps of your messages and locations from which they were sent. A powerful attacker can get a lot of information from the metadata, even if they are unable to break the encryption. By knowing and comparing timestamps of different messages, they can find out who you’ve been talking to and for how long.

Your contact list and your metadata are exposed by WhatsApp to powerful entities, like governments, but we are focusing here on measures against simple attacks. Securing your messages from the government is out of scope.

How to Protect Your WhatsApp Privacy on iOS?

Here are the measures that you should take to maximize your WhatsApp security:

  • The most important part is to disable WhatsApp iCloud backup from the main iOS settings.
    Settings > iCloud > Storage > Manage Storage > This iPhone > Show All
    WhatsApp: OFF (Turn Off & Delete)

    This ensures that WhatsApp messages are not copied to the iCloud and monitoring apps like mSpy cannot spy on WhatsApp conversations (unless your iPhone is jailbroken and a monitoring app is installed on it). If you suspect that a monitoring app is installed on your phone, follow the guide to secure your phone from being tapped.
  • Configure your WhatsApp account privacy under WhatsApp settings

    Settings >> Account >> Privacy
    Last Seen: My Contacts
    Profile Photo: My Contacts
    Status: My Contacts
    Read Receipts: OFF
  • Configure WhatsApp Account security under WhatsApp Settings:

    Settings >> Account >> Security
    Show Security Notifications: ON
  • Disable messages preview under WhatsApp settings

    Settings >> Notifications
    Show Preview: OFF
    (unfortunately, this still displays the sender’s name)
  • Disable chat backup and saving media under WhatsApp settings

    Settings >> Chats
    Save Incoming Media: OFF
    Chat Backup >> Auto Backup: OFF
  • Periodically go to Settings >> Chats >> Chat history and delete all chats to protect them from snooping eyes.

Summary

WhatsApp offers strong encryption for your messaging but it’s also weak to hacking by anyone who knows your iCloud password. You have to proactively secure WhatsApp on your iPhone by maxing out your security settings and disabling any kind of iCloud backup for WhatsApp.

10 thoughts on “How To Secure WhatsApp From Being Hacked on iOS

  1. Web Hosting says:

    It does much more than hack into WhatsApp and, for example, it very cleverly allows you to record calls, even listen to live calls.

  2. Bob Newman says:

    I was frustrated and depressed when i noticed my spouse was cheating on me
    and there was nothing i could do about it, one day i saw an ad by this hacker and decided
    to contact him we got to talking and he has been helping me ever since;
    hacking Whatsapp, facebook, hacking into phones and intercepting text messages, getting mail passwords,
    registry hacks e.t.c. right now i am in the final stages of my divorce getting what i deserve all thanks to Aceteam.
    you should contact them if you have any hacking related issues

  3. Eric Mark says:

    Do you need the services of a professional hacker who can hack into any database?
    Well you just found help. Contact one of the best hackers i have ever come across
    in my experience of hackers research. This man has done so many jobs without failure
    i felt i should let other people know and work with him. You can contact this genius
    on his email- ***@gmail.com or add him on BBM PIN: ****
    whatsapp: ***

    He Hacks Facebook,whatsapp,gmail,website,Bank hack/funds transfer,Cloning phone
    -Calls tracking-Hackin/changing school grades- Hacking/clearing criminal records.
    PLEASE CONTACT HIM ONLY FOR SERIOUS BUSINESS

  4. Eric Mark says:

    Do you need the services of a professional hacker who can hack into any database?
    Well you just found help. Contact one of the best hackers i have ever come across
    in my experience of hackers research. This man has done so many jobs without failure
    i felt i should let other people know and work with him. You can contact this genius
    on his email- [email protected] or add him on KIK- beyonceknowles

    He Hacks Facebook,whatsapp,gmail,website,Bank hack/funds transfer,Cloning phone
    -Calls tracking-Hackin/changing school grades- Hacking/clearing criminal records.
    PLEASE CONTACT HIM ONLY FOR SERIOUS BUSINESS

  5. Eric Mark says:

    CAN ANYONE HACK WHATSAPP? This question is commonly asked by hesitant users that want to hack someones whatsapp account. I tell you there’s nothing that cannot be hacked! Banks, ATM Cards, Top secured institutions can be hacked by professional hackers of course. What a single Application any different? In technological that run on series of codes to hard to bullet-proof codes, exploit can be found sooner or later and in Whatsapp case it’s already been found.
    Contact [email protected] he will do all the work and all you have to do is wait and get your response within few minutes.

  6. Grayson says:

    If you need any genuine hacking services then you should contact a pro or text him , He is experienced and a professional as well.

  7. lisa says:

    *Cheating Spouse *University grades changing *Bank accounts hack *Twitters hack *email accounts hack *Grade Changes hack

    *Website crashed hack *server crashed hack *Retrieval of lost file/documents *Erase criminal records hack *Databases hack

    *Sales of Dumps cards of all kinds *Untraceable Ip *Individual computers hack *Websites hack *Facebook hack *Control

    devices remotely hack *Burner Numbers hack *Verified Paypal Accounts hack *Any social media account hack *Android & iPhone

    Hack *Word Press Blogs hack *Text message interception hack *email interception hack

    contact: [email protected]

Leave a Reply

Your email address will not be published.