HomeTech NewsMethod used by hackers that steals people's WhatsApp account in minutes

Method used by hackers that steals people’s WhatsApp account in minutes

Published on

- Advertisement -

WhatsApp is one of the most widely used messaging applications today, which is why many hackers focus their attacks on this platform thanks to the possibilities it offers to access personal data of a large number of people.

The latest discovery recently reveals how the attackers within this application execute a strategy in which whatsapp account hijacked of a person to then have access to personal messages, as well as their list of contacts.

- Advertisement -

Delving into the technical details, the success of this attack lies in the use of a automated service of mobile phone operatorswhich allows you to divert calls from a different phone number, using an option present in WhatsApp that activates the sending of a one time password verification code (OTP) through a voice call.

All that is needed to launch the attack is the phone number of the chosen victim. Once the attacker’s strategy kicks in, it takes a matter of minutes for it to take over the target WhatsApp account.

To do this, the attacker makes a call to the victim requesting this make a call to a number whose code (**67* or 405) corresponds to a man-machine interface (MMI) which has been established by the mobile operator and assigned to call forwarding.

- Advertisement -

Once the victim agrees to this, the attacker launches the registration process of the victim’s WhatsApp on their device, for which they activate the option to receive the OTP through a voice call.

After having obtained the OTP code, the next step taken by the attacker is to register the victim’s WhatsApp account and finally enable two-step authentication (2FA) so that the person who owns the account cannot have the possibility of accessing it.

However, within this process there are some factors that can affect the success or failure of this method. The first of them is him strict use of an MMI code that makes it possible to forward all calls.

- Advertisement -

This means that if the MMI only forwards calls when the line is busy, if there is a call waiting the procedure will be cancelled.

Also, at the time of the attack, messages are sent to the victim’s WhatsApp notifying that your account is being registered on another device.

- Advertisement -

Latest articles

Twitter API will no longer be free, except for a limited trial

The Twitter API is a set of protocols and tools that allow developers to...

Xiaomi fines company that leaked design of its first electric car

THE Xiaomi fined 1 million yuan (approximately BRL 750,000) the auto parts manufacturer that...

More like this