WhatsApp has rolled out a significant security enhancement with the introduction of a new 'lockdown' mode, formally known as 'Strict Account Settings.' This suite of features is specifically engineered to safeguard users from advanced cyberattacks, particularly those targeting high-risk individuals such as journalists and public-facing figures.
Enhanced Protection Against Sophisticated Threats
Will Cathcart, head of WhatsApp at Meta, emphasised in a statement that the platform is continuously adding layers of security. He noted, 'For the few users who may require extreme protections against targeted cyber attacks, we're rolling out this new feature.' WhatsApp already offers end-to-end encryption by default, but encryption alone is insufficient against certain rare and sophisticated types of malware.
How Lockdown Mode Works
Once activated, Strict Account Settings will impose several restrictions on account functionality to mitigate risks. These include:
- Blocking attachments and media from unknown contacts.
- Silencing all incoming calls from individuals not in the user's contact list.
- Restricting who can add the user to groups.
- Preventing non-contacts from viewing profile photos, 'about' details, and online status.
These measures are designed to prevent high-risk users from receiving suspicious messages that could carry malicious code in attachments such as pictures, videos, or PDFs.
Background on Advanced Spyware Campaigns
The development of this feature follows high-profile incidents involving sophisticated spyware like Pegasus, created by the Israeli cyber-arms firm NSO Group. Pegasus exploited unpatched vulnerabilities in phone operating systems, using 'no-click' methods to infect devices without user interaction. Once compromised, devices could be turned into surveillance tools, capturing audio, video, and location data.
In response, Meta sued NSO Group and secured £121.3 million in damages. More recently, WhatsApp reported thwarting a similar campaign by another Israeli spyware firm, Paragon Solutions, targeting journalists and civil society members. However, such attacks remain extremely rare and are typically orchestrated by nation-state entities rather than ordinary cybercriminals.
Activation and Recommendations
To enable lockdown mode, users should navigate to Settings > Privacy > Advanced and toggle on 'Strict Account Settings.' Meta advises that only those who believe they might be targeted by sophisticated cyber campaigns should activate this feature, as it significantly limits account functionality. The company says the vast majority of users will never need to use these settings.
Legal and Security Context
This update comes amidst ongoing legal challenges and security concerns. WhatsApp is currently facing a lawsuit alleging that Meta employees can bypass end-to-end encryption to view user messages, a claim the company has dismissed as 'categorically false and absurd.' Meta has vowed to pursue sanctions against the plaintiffs' counsel, calling the suit frivolous.
The rollout of Strict Account Settings will occur gradually over the coming weeks, reflecting WhatsApp's commitment to enhancing user security in an increasingly complex digital landscape.