WhatsApp is rolling out a new security feature called "Strict Account Settings," designed to offer enhanced protection for users who may be targets of sophisticated cyberattacks, including spyware. This lockdown-style mode significantly restricts app functionality in exchange for heightened security, mirroring features like Apple's Lockdown Mode and Android's Advanced Protection.

Key Takeaways

• Enhanced Security for High-Risk Individuals: The feature is specifically designed for users like journalists, activists, and public figures who may face targeted surveillance.

• Restrictive Settings: Enables features such as blocking media and attachments from unknown senders, silencing calls from unknown numbers, and limiting profile visibility.

• Technical Underpinnings: WhatsApp is also adopting the Rust programming language for its media sharing functionality to bolster security against memory-safety vulnerabilities.

• Gradual Rollout: The feature is being deployed gradually over the coming weeks to all users globally.

Lockdown-Style Protection

WhatsApp's new "Strict Account Settings" aims to provide an extra layer of defense beyond its default end-to-end encryption. Once activated, the feature enforces the most restrictive privacy options available. This includes automatically blocking all media and attachments from individuals not present in the user's contact list. Additionally, calls from unknown numbers will be silenced, and other settings that could potentially limit the app's functionality will be restricted to minimize the attack surface.

Targeted User Base

Meta, WhatsApp's parent company, stated that this feature is intended for the "very few users who may be the target of such attacks." It is not recommended for the general user base, as it significantly curtails app functionality. The company highlighted that users such as journalists or public-facing figures might require these extreme safeguards against rare and highly sophisticated cyber threats, including those involving zero-click exploits used by spyware like NSO Group's Pegasus.

Technical Enhancements with Rust

In parallel with the "Strict Account Settings," WhatsApp is also enhancing its underlying technology by adopting the Rust programming language for its media sharing functionality. This move is described as the largest global rollout of a Rust-based library. The use of Rust aims to improve memory safety and protect users' photos, videos, and messages from spyware attacks. This initiative is part of a broader three-pronged strategy by Meta to address memory safety issues, which includes minimizing attack surfaces by design, investing in security assurance for existing C and C++ code, and defaulting to memory-safe languages for new development.

Enabling the Feature

Users can enable "Strict Account Settings" by navigating to Settings > Privacy > Advanced within the WhatsApp application. The feature can only be toggled on from the primary device. Meta has indicated that the rollout will occur gradually over the next few weeks.

Sources

• WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware, The Hacker News.

• New WhatsApp lockdown feature protects high-risk users from hackers, BleepingComputer.

• WhatsApp’s new 'Strict Account Settings' Adds Lockdown-Style Protection Against Spyware |CyberScoop, CyberScoop.

• WhatsApp rolls out Strict Account settings to strengthen protection for high-risk users, Security Affairs.

• WhatsApp Rolls Out Strict Account Settings to Block Spyware, WinBuzzer.