You just purchased your first iPhone, are you starting to communicate with your friends through WhatsApp and I wonder if anyone can nose your nose in your messages without you noticing it? You’re in good company, believe me.
Every day I receive dozens of messages from friends, readers, and acquaintances asking me if you can spy on WhatsApp iPhone , if this application is really as safe as they want to believe us or if there is something – even someone – of which we must have fear . Answering such a question is not easy at all. It certainly takes a bit of time, so if you agree, I’d like to take a few minutes of time and tackle the issue together.
Continue reading: We will try to find out what are the possible privacy risks we encounter using WhatsApp, learn how to recognize spyware attempts and, above all, see what steps we have to keep our conversations away from prying eyes (as far as possible). I hope you can find the stimulating subject at the right point and the suggestions I’m going to give you interesting enough. Enjoy the reading!
Sniffing Wi-Fi networks
Have you ever heard of Wireshark ? This is a free software that allows you to monitor Wi-Fi networks and “capture” all the data circulating on them. I’ve also talked to you in my tutorial on sniffing wireless networks . Well, using a program like Wireshark, computer criminals might be able to capture WhatsApp communications and spy on them without the permission of the user.
Unfortunately, we can not do anything to counter this kind of threat, but the only thing we can do is avoid using public Wi-Fi networks (which are known as the favorite hunting ground) lucky to capture WhatsApp conversations by sniffing wireless networks should not be easy.
By the end of 2014, Open Whisper Systems developers announced that WhatsApp would adopt their end-to-end encryption technology (TextSecure) to make the user’s communications safer. The encryption end-to-end principle is a system by which the data travels in encrypted manner from one point to another without that nobody, except the legitimate senders and recipients, can read the contents.
In April, a German computer security team conducted some tests on WhatsAppand discovered that only communications from and to Android terminals used end-to-end encryption. On the other platforms, an encryption system based on the RC4 algorithm was used, which is subject to various vulnerabilities and potentially enables computer criminals to capture user messages through wireless sniffing.
Following the release of this study, Open Whisper Systems developers have confirmed that encryption would come gradually on iOS and other mobile platforms, but unfortunately we can not have the absolute certainty that this is true. WhatsApp, in fact, is a closed source software and we can not know what really happens under the bonnet of the application.
End-to-end encryption may be poorly implemented, it may not work in certain countries (at the request of local governments, who, as they know, like to nose their nose into citizen data) or still be active for certain content and not for others. In short, even though Open Whisper Systems developers tend to throw water on fire, we can not be 100% sure that our conversations are sniffing.
Then? So, as mentioned, let’s avoid using public Wi-Fi networks. Or alternatively stop using WhatsApp in favor of open source messaging applications that transparently support end-to-end encryption.
These are often invisible software, which fortunately require physical access to the victim’s phone to be installed, but once activated they can spy on WhatsApp iPhone and any other activity on the device without any suspicion.
If you fear that your “melaphone” has been “infected” with one of these apps, I’m sorry, but the only solution you have to get rid of it is to format your smartphone. To do this, you can go to the Settings> General> Reset iOS menu and select the Initialize content and settings option or turn it on to iTunes (as I explained in my tutorial on resetting iPhone ).
Another risk you must be aware of is identity theft . By exploiting psychological tricks (so-called social engineering ), malicious people might momentarily access your iPhone and “clone” your WhatsApp account, thus gaining free access to your conversations.
The most insidious techniques used by cyber criminals to steal the identity of users on WhatsApp is what involves WhatsApp Web .
As you will surely know – and as I explained to you in my WhatsApp PC tutorial – WhatsApp Web is an online service that allows you to send and receive messages on WhatsApp by using your smartphone as a bridge.
To access it just scan your cell phone with a QR code that appears on your PC screen and you have to keep your smartphone connected to the Internet: no matter which network, Wi-Fi or 3G / LTE is the same, just have an active connection on the phone. And this is where the “beautiful” comes.
An attacker could get hold of your iPhone, WhatsApp use it to access the Web and check the box Stay connected allowing your browser to remember your identity, and thus avoid scanning the QR code for subsequent access. When done, the “spy” could access your chats via WhatsApp Web without you knowing anything (provided your smartphone is connected to the Internet), but fortunately there is a way to defend yourself.
If you suspect someone’s nose in your conversations via WhatsApp Web, open WhatsApp, select the Settings tab at the bottom right, go to WhatsApp Web and first call Logs off all computers and then Disconnect . In this way, all computers that have access to your account will lose the connection and will be prompted again to scan the QR code (operation that at that point the person you are spying will not be able to do so because you do not own your “melafonino “).
Another technique – far longer and more complex – that could allow a spy to spy WhatsApp iPhone is the cloning of the MACBook address .
The MAC address is a 12-digit code that uniquely identifies all devices that can connect to the Internet. WhatsApp uses it, along with the phone number, to identify its users, so by camouflaging it you can fool the application and access another person’s account.
To be precise, the “turn” should make jailbreak on its iPhone (or root on Android ), install MAC address camouflage applications (eg BusyBox and Mac Address Ghost on Android or Spoof MAC on iPhone) and get hold of the victim’s phone.
Then you should see the MAC address of the phone to be spied (going to the Settings menu > General> Info ), apply it to it, install a new copy of WhatsApp and activate it using the victim’s number.
Again, the procedure is very long and complex, but it’s good to know it when someone tries to put it into practice. Do you wonder if there are ways to defend yourself? Sure.
Since the identity of WhatsApp is to be physically accessed to the victim’s smartphone, the wisest thing you can do is protect yourself by practicing all the common sense advice you’ve heard a thousand times before.
- Do not lend your iPhone to strangers and do not leave it unattended in public places.
- Set an unlock code that is difficult to guess. If you do not know how to do it, just go to the Settings> Touch ID and Code menu and select the Change Code item .
- Prevent SMS viewing in the lock-screen to protect your privacy and prevent anyone from reading WhatsApp’s verification code without unlocking the phone. If you do not know how to do it, go to the Settings> Notifications> Messages menu and remove the check mark from the Show item in “Screen Lock “.