Until now, there has been a strong confidence of the people about WhatsApp apps thinking it is end-to-end encrypted and never disclosed to a third party. But, ever-since the WhatsApp chats of a number of Bollywood stars were acquired by the Narcotics Control Bureau of India, it was revealed that WhatsApp actually is compromising privacy policies and handing texts and conversation of its clients to some intelligence agencies. These leaks have raised several questions about the security and privacy policies of WhatsApp.
Lots of people keep asking me – what are the chances of their WhatsApp messages getting leaked or hacked?
Here are my answers:
Maybe someone has installed a spyware on your phone. A spyware is a malicious application that allows one to spy on someone. This app helps one to read messages, check social media and other content in someone’s phone.
Go to your phone settings
Go to apps in settings
Find any unknown app installed.
Remove the app.
Check WhatsApp Web:
This is the most commonly used way to leak someone’s WhatsApp messages. It’s a feature in WhatsApp which allows the user to connect his WhatsApp to the browser, from where the user can send, receive, delete messages and media. To find out anyone’s using it to leak your messages:
Open WhatsApp application
Tap the 3 dots on top right corner.
Now tap on WhatsApp Web.
Check any unknown computer/browser connected to your WhatsApp.
WhatsApp spokesperson in an official statement said: “It’s important to remember that people sign up on WhatsApp using only a phone number, and WhatsApp doesn’t have access to your message content. WhatsApp follows guidance provided by operating system manufacturers for on-device storage and we encourage people to take advantage of all the security features provided by operating systems such as strong passwords or biometric IDs to prevent third parties from accessing content stored on the device”.
Does WhatsApp store user’s messages?
WhatsApp in its official blog post notes that it “does not store messages once they are delivered or transaction logs of such delivered messages and undelivered messages are deleted from our servers after 30 days.”
If the messages are not stored on WhatsApp’s server, then how can someone retrieve these encrypted chats?
How can someone access a user’s WhatsApp chats?
Experts say that investigative agencies can take a user’s phone and create a clone of it on another device and then make a mirror image of the phone and transfer all the data of the phone like call recordings, messages, videos, images and even WhatsApp chats. Moreover, they can copy the content from Google Drive or iCloud, which includes data that is even deleted from the user’s phone. If the user is not saving the WhatsApp data on Google Drive or iCloud, it is impossible to access the data by anyone – be it any intelligence agency or private investigators.
WhatsApp users mostly back up their chats on Google Drive or iCloud. So, the messages between Deepika and Karishma may also have been stored on any of the cloud services and accessed similarly.
Ever since Indian actress Deepika Padukone’s chats have been leaked online, the people are in two minds about WhatsApp’s policies. It is no secret that all WhatsApp chats are end-to-end encrypted. This means that the chats can only be accessed or read by the sender and receiver and nobody in between. Not even WhatsApp can access the chats of its users. The end-to-end encryption is activated automatically and no one has the option of turning it off.
“WhatsApp protects your messages with end-to-end encryption so that only you and the person you’re communicating with can read what is sent, and nobody in between can access it, not even WhatsApp. It’s important to remember that people sign up on WhatsApp using only a phone number, and WhatsApp doesn’t have access to your message content. WhatsApp follows guidance provided by operating system manufacturers for on-device storage and we encourage people to take advantage of all the security features provided by operating systems such as strong passwords or biometric IDs to prevent third parties from accessing content stored on the device,” WhatsApp spokesperson said in a statement.
WhatsApp has a different set of guidelines for law enforcement authorities
WhatsApp has a different set of rules concerning the law enforcement authorities. The company states in its blog that there are various guidelines that the law enforcement officials seeking records from WhatsApp have to follow while filing a request. “We disclose account records [not the chat details] solely in accordance with our terms of service and applicable law.
Additionally, we will assess whether requests are consistent with internationally recognized standards including human rights, due process, and the rule of law. A Mutual Legal Assistance Treaty request or letter rogatory may be required to compel the disclosure of the contents of an account,” the WhatsApp blog says. The Facebook-owned messaging app takes various measures to preserve account records [not text messages] in connection with official criminal investigations for 90 days. However, requests submitted by non-law enforcement officials are not reviewed. This means that no news channel or private investigation agencies can write to WhatsApp and access the chats of users.
So what could have gone wrong in Deepika Padukone’s case?
In Deepika and her manager Karisma’s case, this could not be the case. It was being speculated that Jaya Saha, through whom the drug chats between Deepika and Karisma dating back to 2017 were accessed, had backed up her chats history on the Google Drive or Apple’s iCloud. In such cases, WhatsApp notes that messages that are backed up on either Google Drive, iCloud, or any such platforms are not covered by WhatsApp’s end-to-end protection.
So to access the unprotected chats, a law enforcement official only needs the suspect’s phone and can create a clone of it on another device using the phone cloning process. Through this process, the agencies and forensic experts can retrieve messages even if they are deleted from the device.
Accessing the chats physically is a lot easier
However, the easiest and most predictable way of leaking a chat can be screenshotting the chat and sharing it with others. But you can only take a screenshot if you know the password to someone’s phone and can access the chats. In any case, breaking the encryption is a lot harder than accessing the chats physically.
Your WhatsApp can be hacked and here’s how you can stop it
According to the India Today, calls itself fully encrypted but this does not make it un-hackable. Being the most widely used chat app, WhatsApp has all kinds of messages including your personal ones which you may not be comfortable sharing with others.
So what happens if your WhatsApp account is hacked. Though WhatsApp can be hacked to some extent only, we don’t have to tell you that how bad the hacking can do to you. Once hacked, the hacker can keep an eye on you like when you come online WhatsApp, your sleeping pattern, your online activity and much more.
Hackers can access your WhatsApp data by various means like via WhatsApp web or registering your number on another device. WhatsApp cannot work on two phones at the same time but hackers if register your number on another device, can easily get hold of all your chats including the personal ones.
Hackers can quickly scan your WhatsApp QR code and access your WhatsApp conversation from anywhere in the world. However, this requires hackers to have a physical access of your phone to access the QR code.
To know if your WhatsApp web is active on an unknown device, go to the three dots given at the top right corner of your WhatsApp window. Go to WhatsApp Web and check the list of all open sessions. This will let you see all the devices that are connected to your WhatsApp.
If you are seeing a message ” This phone could not be verified”, it means your WhatsApp has been accessed by an unknown device also.
There are also third-party softwars available on the web that can be used by hackers to sniff in your WhatsApp conversations.
Tips to prevent your WhatsApp from getting hacked:
— Log out from all computers that you see in the list under WhatsApp Web. This will stop hackers from reading your chats further. However, this should be done every time you use WhatsApp web.
— Do not leave your phone unattended when you are out.
— Lock all your apps to prevent unknown people to access your apps.
— Do not connect your phone to unknown WiFi connections as hackers can also use the unique MAC address to access all your WhatsApp chats.
— In case, your WhatsApp is already hacked, deactivate your account by emailing at [email protected] Your account will be automatically deleted if not accessed for 30 days.
–Enable 2 step verification under WhatsApp Account settings. This will add an extra layer of security over the app.
Does WhatsApp have access to chats?
No. Since 2016, WhatsApp has installed an end-to-end encryption system, which, as its FAQ section says, “ensures only you and the person you’re communicating with can read what’s sent, and nobody in between, not even WhatsApp”.
Governments across the world see end-to-end encryption as a huge issue when it comes to law enforcement. While WhatsApp says it responds to requests from law enforcement agencies “based on applicable law and policy,” it is not clear what kind of data it would have to share. News reports have mentioned that these could be in the nature of metadata such as mobile number, IP address, location, and so on.
In brief, be rest assured, law enforcement agencies can obtain details of your WhatsApp account from Facebook through due process, but in no case, they can have your data details. Only make sure, the person you are communicating on WhatsApp is not transmitting any screenshot to a third party via email.
Damsana Ranadhiran is a security analyst