Originally published at: Beware Exploits of WhatsApp’s Linked Devices Feature - TidBITS
On Certo Software’s blog, security expert Simon Lewis writes about how domestic abusers are exploiting a WhatsApp feature to spy on their partners:
WhatsApp’s Linked Devicesis a feature that allows users to access their WhatsApp account on up to four additional devices such as computers, tablets, or other phones.
Once linked, these devices can send and receive messages independently, offering convenience for users who want to stay connected across multiple platforms.
Although this feature is designed for convenience, it can become a threat in the hands of hackers and cyberstalkers.
This Linked Devices feature resembles Apple’s Messages in iCloud since it syncs conversations across multiple devices. However, Apple ensures security by requiring all devices to be logged into the same Apple Account, whereas WhatsApp Linked Devices can be linked with physical access to the victim’s phone. Although WhatsApp sends a single notification about new Linked Devices within 5 to 90 minutes of linking, the victim might overlook it, or the attacker may be able to dismiss it.
Lewis recommends regularly reviewing the Linked Devices section of the WhatsApp settings and disconnecting any devices you don’t recognize. To prevent unauthorized linking, turn on WhatsApp’s Face ID or Touch ID authentication so that your face or fingerprint is required to access the app. Also, ensure you trust everyone with whom you’ve shared your passcode or granted biometric access in Settings > Face/Touch ID & Passcode. In general, avoid sharing access to your iPhone (or other Apple devices) with anyone you haven’t already entrusted with access to your bank account.