Researchers Reveal How to Hijack Someone Else’s WhatsApp Account

Take over WhatsApp account
Written by Emma Davis

The researchers described an attack that allows hackers to take over someone else’s WhatsApp account, gaining access to private messages and contact list.

It’s all about the functionality of WhatsApp, which allows transferring one-time passwords through voice calls.

Let me remind you that we also talked about the fact that Hackers can change media files transmitted via WhatsApp, and also that WhatsApp denies Facebook has access to users’ private messages.

CloudSEK specialists told about this hacking method. For such an attack, the hacker will need only a few minutes, although in order to take over someone else’s account, you need to know the victim’s phone number and be ready to use social engineering.

The process does require the use of social engineering – including ringing the victim – and trades on the fact the average Whatsapp user is not familiar with MMI codes.information security specialists say.

First, the attacker will need to convince the victim to call the number that starts with the MMI code that the carrier uses to activate call forwarding. Depending on the operator, the MMI code may include forwarding all calls to another number or only when the line is busy or the subscriber is not available. Typically, these codes begin with an asterisk (*) or pound sign (#) and are supported by all major carriers.

Once the attacker has convinced the victim to forward calls to his number, he initiates the WhatsApp registration process on his device, choosing to receive a one-time code via voice call.

Once the code is obtained, the hacker can register the victim’s WhatsApp account on their device and enable two-factor authentication, which will prevent the real owner of the account from regaining access.

It should be noted that during the attack, text messages will be sent to the target device informing that WhatsApp is being registered on another device. But the user may overlook these warnings, especially if the attacker resorts to social engineering and engages the victim in a telephone conversation while receiving a one-time password from the messenger.

Experts note that protecting against this type of attack is very simple: just enable two-factor authentication in WhatsApp.

2FA is a simple, easy-to-implement second layer of account security, one that could very well save your skin if a hacker targets you with a scam like this. All in all, it’s better to be safe rather than sorry, so activate 2FA on WhatApp as soon as you can.information security specialists recommend.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply