Meta has started rolling out a new WhatsApp lockdown-style security feature designed to protect journalists, public figures, and other high-risk individuals from sophisticated threats, including spyware attacks.
Known as "Strict Account Settings," this new feature builds on already existing end-to-end encryption by adding extreme safeguards for users who require heightened protection beyond standard security measures.
Users can enable these new extreme privacy and security controls only from their primary device by toggling on the "Strict account settings" option under Settings > Privacy > Advanced.
Once enabled, it will apply the most restrictive privacy controls, automatically turning on two-step verification, blocking media and attachments from unknown senders, silencing calls from unknown people, turning off link previews, locking access to the users' last seen and online information, profile photo, About details, and profile links, and limiting other features that could expose users to attacks.
"We will always defend that right to privacy for everyone, starting with default end-to-end encryption. But we also know that a few of our users – like journalists or public-facing figures – may need extreme safeguards against rare and highly-sophisticated cyber attacks," WhatsApp said in a Tuesday blog post.
"This feature is built for the very few users who may be the target of such attacks. Therefore, you should only turn this on if you think you may be a target of a sophisticated cyber campaign. Most people are not targeted by such attacks," it added in a separate support document.
WhatsApp Strict Account Settings (Meta)
WhatsApp said that the feature will roll out gradually over the coming weeks and revealed that it's also slowly migrating to the Rust programming language behind the scenes to boost protection against spyware targeting photos, videos, and messages.
Meta's announcement comes after many journalists, activists, and political figures have had their phones infected with spyware, such as NSO Group's Pegasus, through messaging apps like WhatsApp in attacks involving zero-click exploits, which allow threat actors (more often than not government-sponsored) to hack iOS and Android devices without user interaction.
In August, WhatsApp patched a zero-day vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-click attacks, months after releasing security updates to address another zero-day flaw that was used to infect devices with Paragon Graphite spyware.
... continue reading