Meta introduces Strict Account Settings on WhatsApp, a new security mode that locks down account settings and blocks media from unknown senders to protect high-risk users from sophisticated spyware attacks.
WhatsApp has launched a new security feature called Strict Account Settings designed to protect high-risk users from sophisticated spyware attacks. The feature, which Meta describes as a "lockdown-style" mode, automatically locks account settings to the most restrictive options and blocks attachments and media from unknown senders.
Protecting Journalists and Public Figures
The new security mode specifically targets individuals who may be at higher risk of targeted attacks, such as journalists, activists, and public figures. Once enabled, the feature automatically blocks attachments and media from people not in a user's contacts, silences calls from unknown numbers, and restricts other settings that could potentially be exploited by attackers.
"This lockdown-style feature bolsters your security on WhatsApp even further with just a few taps by locking your account to the most restrictive settings like automatically blocking attachments and media from unknown senders, silencing calls from people you don't know, and restricting other settings that may limit how the app works," Meta explained in their announcement.
How to Enable the Security Mode
Users can activate the Strict Account Settings by navigating to Settings > Privacy > Advanced within the WhatsApp application. Meta notes that the feature is rolling out gradually over the coming weeks, so it may not be immediately available to all users.
Rust Programming Language Integration
In addition to the new security mode, Meta announced it's adopting the Rust programming language in its media sharing functionality. The company describes this as the "largest rollout globally of any library written in Rust," highlighting its commitment to improving security through modern programming practices.
Rust was chosen specifically for its memory safety features, which help prevent common vulnerabilities that spyware and other malicious software often exploit. Meta has developed a secure, high-performance, cross-platform library called wamedia for media sharing across WhatsApp devices.
Three-Pronged Security Approach
Meta outlined a comprehensive strategy to combat memory safety issues:
- Design products to minimize unnecessary attack surface exposure
- Invest in security assurance for remaining C and C++ code
- Default to memory-safe languages for new code
The company has already implemented additional protections including Control Flow Integrity (CFI), hardened memory allocators, and safer buffer handling APIs. This represents part of WhatsApp's ongoing "defense-in-depth" approach to security.
Industry Context
This move by WhatsApp follows similar security initiatives from other major tech companies. Apple's Lockdown Mode and Android's Advanced Protection offer comparable features for users facing heightened security threats. By implementing similar protections, WhatsApp is acknowledging the growing sophistication of targeted spyware attacks and the need for specialized security measures.
The timing is particularly relevant given the increasing prevalence of commercial spyware like Pegasus, which has been used to target journalists, activists, and political figures worldwide. These attacks often begin with seemingly innocuous messages containing malicious attachments or links.
Technical Implications
The adoption of Rust represents a significant shift in how Meta approaches security at the code level. Memory safety vulnerabilities have historically been a major source of security issues in software, and Rust's design specifically addresses these concerns while maintaining performance.
By developing wamedia as a cross-platform library, Meta is also streamlining its security approach across different device types, ensuring consistent protection whether users are on iOS, Android, or desktop platforms.
User Impact
For most users, the Strict Account Settings feature may seem overly restrictive, as it limits functionality in exchange for enhanced security. However, for those at genuine risk of targeted attacks, these trade-offs are worthwhile. The feature provides an additional layer of protection without requiring users to manually configure complex security settings.
As cyber threats continue to evolve and become more targeted, features like this represent an important step in making advanced security accessible to those who need it most, while also pushing the broader industry toward more secure development practices.
Image: WhatsApp's new security features aim to protect high-risk users from sophisticated spyware attacks.
Comments
Please log in or register to join the discussion