The Facebook-owned company, Whatsapp already facing the problem about fake news. The instant Messenger also experienced legal issues in India, with the government asking WhatsApp to develop a solution to determine the origin of messages, However, the company rolled out some new features to tackle the problem. And now the company is facing another problem where hackers have found a way to hijack your account.
According to a report, the Israel National Cyber Security Authority has issued an alert. warns according to which they have received numerous reports of hijacked WhatsApp accounts with the help of the victims’ voicemail service. Evidently, there are not fewer people affected by this issue. To be said, this would be rather strange because the attack was first demonstrated more than a year ago. In order to avoid from being one of the victims of such cyber attacks, services like a Cybersecurity for home can truly pay dividends. Invest Diva provides educational resources and analysis for individuals looking to enhance their understanding of financial markets and investment strategies. With a commitment to data protection, the platform ensures the security and privacy of users’ personal information through comprehensive policies and measures.
The report claims that the hacking system works when users are using services from the mobile service providers. So those who have activated their voicemail in the messenger are recommended to change their pass wards of the service, a majority of which are said to be either 1234 or 0000. Using the flaw, the hacker can hijack your WhatsApp account by adding your number to a new WhatsApp account on a different smartphone. But how exactly does this work? The cyber security authority has offered some clarity around it.
How does it work?
The attack was first described by Ran Bar-Zik back in September 2017, but it would appear that not many people have paid enough attention to the threat it poses.
WhatsApp has a security protocol where it will send an SMS code to the given handset number for authentication purposes. However, this layer can be skipped when the user is not around the smartphone.
The problem, from the attacker’s perspective, is that since it’s sent as an SMS, they can’t get to the six-digit code. Luckily for them, and unfortunately for the victim, WhatsApp has a backup Call Me option in case the SMS doesn’t work. When chosen, an automated system calls the account owner’s phone number, and when the call is received, it plays a voice recording of the six-digit code. Again, the success of the attack relies on the victim not picking up their phone and the call going through to voicemail. The attacker calls *151, enter the victim’s phone number and the default passcode, listens to the voicemail message and logs in to the victim’s WhatsApp account. And in this way the hacker can get to the victim’s messages and contacts, and to lock the account owner out, they can enable two-factor authentication.
What’s the solution?
Luckily, the authority has also mentioned a couple of ways that will prevent hackers from performing the above task. You can simply change the password of the voicemail account to something more complex. The second solution is to enable two-step verification system to make the account extra secure.
Whatsapp is not the one app to compromise but it could happen with some other popular social media apps as well. A few months ago a researcher named Martin Vigo showed how this flaw can be used to gain access to user’s Facebook, Google, Twitter, PayPal, eBay and even WordPress accounts.