2 min read

You Can Now Check for Tampering in WhatsApp Web Code in Your Browser

Vlad CONSTANTINESCU

March 11, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
You Can Now Check for Tampering in WhatsApp Web Code in Your Browser

WhatsApp and Cloudflare recently partnered to release a project called Code Verify that can validate the authenticity of WhatsApp’s web app code in your browser.

The open-source tool, which is available as an extension for Chrome and Edge web browsers, lets users verify the “authenticity of the WhatsApp Web code being served to your browser,” according to a Facebook announcement.

Last year, the messaging service implemented multi-device capability in its infrastructure, spurring an “increase in people accessing WhatsApp directly through their web browser via WhatsApp Web.”

Like many other web applications, WhatsApp Web could be a target for cyberattacks, to it required efficient security measures. The newly released Code Verify browser extension aims to validate the integrity of the web application’s code and confirm that it hasn’t been altered in any way, such as backdoored or laced with malicious code.

Although it’s currently available only as an extension for Chrome and Edge, the company is working on a Firefox add-on version.

The Code Verifier’s mechanism uses Cloudflare as a third-party audit to check the hash of Meta’s WhatsApp Web JavaScript code against a locally computed hash of the code on the browser client.

The tool can also instantly certify the code’s authenticity, seeing as the cryptographic hash value updates automatically and synchronously whenever WhatsApp Web’s code receives an update.

If the authentication passes, the extension displays a green checkmark. Otherwise, it will notify the user by flashing an exclamation or a question mark. The check is performed automatically, so no additional assistance is required.

If Code Verify can’t authenticate the WhatsApp Web code in your browser, you’ll see one of the following messages:

  • Network Timed Out: If your network timed out and rendered Code Verify unable to perform the code validation, you’ll be prompted with a question mark inside an orange circle
  • Possible Risk Detected: If third-party tools impede the tool’s ability to verify the code, the extension will display a question mark inside an orange circle
  • Validation Failure: If the tool detects that your WhatsApp Web code is not the same as everyone else’s, the extension’s icon will turn into an exclamation mark inside a red circle

You can check the verification status by clicking the extension icon in your toolbar while it’s green, orange, or red. Furthermore, the extension lets you find additional details by clicking the “Learn More” button and even download the source code for further analysis.

tags


Author


Vlad CONSTANTINESCU

Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.

View all posts

You might also like

Bookmarks


loader