How WhatsApp Account Gets Hacked: Security Expert Explains
WhatsApp accounts are sometimes taken over while their users are asleep and unable to respond to strange messages. Security expert Zuk Avraham explained how this happens and why users should care about their cell phone mailbox.
Account theft works via the way in which users can recover a forgotten password and a security measure that is not exactly well thought out by mobile network operators. They usually do not ensure that their customers’ network-based mailboxes are well protected from unauthorized access from the start.
The attacker tries to log into the WhatsApp account in the first step. This is answered by WhatsApp via a one-time use code that is sent to the user’s phone number via SMS. Of course, this does not get the account thief any further – but he can now indicate that the code has not arrived. Further options will then be made available.
Here you can also choose the option of getting the code via a phone call. A speech robot then reports to the user – and if he is asleep and has switched his phone to mute for the night, the spoken message ends up in the mailbox. The attacker can now call this – although there is also access protection here, the network operators usually only assign the last four digits of the telephone number as a PIN, which means that unauthorized persons can also gain access quickly.
Users rarely change their PIN because they assume that their mailbox will never contain any information that would be of particular interest to third parties. As the present case shows, this is a grave error. It, therefore, makes sense to also secure seemingly harmless services such as the answering machine.
It has been a long time since I joined Research Snipers. Though I have been working as a part-time tech-news writer, it feels good to be part of the team. Besides that, I am building a finance-based blog, working as a freelance content writer/blogger, and a video editor.