Meta has introduced a new Strict Account Settings feature for WhatsApp specifically designed to help protect high-risk individuals from sophisticated cyber-attacks. The feature mirrors similar features found in Apple's Lockdown mode and Android’s Advanced Protection, but specifically targets journalists, public figures, and others who could potentially be targeted due to their profession or gender identity as part of their work.
Once activated, the feature automatically locks the following account settings at the most restrictive level: it will prevent anyone who is not a contact from sending any attachments or media to the user's account; it will prevent any calls from unknown callers; and it will restrict other account settings that could expose the user to potential threats. According to Meta, these changes will introduce some trade-off with regard to functionality in exchange for an increase in security against spyware and other targeted attacks.
Strict Account Settings will be available to users by going to Settings > Privacy > Advanced. The rollout of this feature will take place in phases over the next few weeks.
WhatsApp is also incorporating Rust to enhance security measures. Rust is a memory-safe programming language to eliminate potential vulnerabilities unique to C and C++. In designing a new cross-platform library, called wamedia, WhatsApp utilizes this modern language for its architecture; this library allows users to share secure photos; videos; and messages across devices.
Meta’s security team is taking a three-pronged approach:
1. Minimize attack surface through careful product design
2. Apply security assurance to the remaining C/C++ code
3. Favor memory-safe languages like Rust for new development
The company also added control-flow integrity (CFI), hardened memory allocators, safer buffer handling APIs, and other protections, all as part of a layered “defense-in-depth” strategy to keep users’ data safer behind the scenes.
Source: The Hacker News