How Hackers Take Over WhatsApp Accounts While Users Sleep

WhatsApp.
Source:
  • Misrohatun Hasanah

Jakarta – WhatsApp, an instant messaging app used around the world, was founded in 2009. The company name puns on the popular greeting "What's up?" and "app", short for application.

The app, one of the first of its kind to provide messaging over WiFi, allows people to communicate on their smartphones across the world, making it a popular choice for people who live and travel abroad. 

It also works across major mobile device platforms, such as Android and iOS.

WhatsApp offers many security features, such as end-to-end encryption. However, as good as these security measures are, WhatsApp still cannot rule out an account being hacked, which can end up compromising the privacy of messages and contacts.

Recently, @ihackbanme posted on X, previously known as Twitter, about a WhatsApp issue that has the potential to turn heads: an account can be taken over even while the user sleeps.

He explained that attackers can take advantage of two things: a user's availability and how identity verification works on WhatsApp.

"A user who is not available to respond to verification checks – whether they're asleep, in-flight, or have simply set their smartphone to 'do not disturb' – may be at risk of losing their WhatsApp account. All an attacker needs is their target's phone number," he wrote on January 20, 2023.

Here's how it works. 

The attacker attempts to log in to a WhatsApp account. As part of the verification process, WhatsApp sends an SMS with a PIN to the phone number tied to the account, according to the Malwarebytes site.

The user is unavailable, so they don't notice the suspicious login. The attacker then tells WhatsApp that the SMS didn't arrive and asks for verification by phone call.

Since the account owner is still unavailable and cannot pick up the call, the call goes to the number's voicemail. Knowing the target's phone number, the attacker then attempts to access their voicemail by keying in the last four digits of the user's mobile number, which is usually the default PIN code to access the user's voicemail.

The attacker then has the WhatsApp verification code and can use it to access the victim's WhatsApp account. They can then set up their own 2FA (two-factor authentication) on it, leaving the actual owner locked out of the account.

Once the account has been hacked, the attacker could use it to hijack accounts of the user's contacts, spread malware, or hold the account hostage until the owner pays up to get it back.

Users therefore need to be careful. Here is how to protect a WhatsApp account from hackers:

1. Change the default PIN of your voicemail.

2. Enable two-step verification on your WhatsApp account:

  • Open Settings.
  • Tap Account > Two-step verification > Enable.
  • Enter a six-digit PIN.
  • Enter an email address, or tap Skip if you don’t want to. WhatsApp says it recommends adding an email address so you can reset two-step verification if you need to.
  • Tap Next.
  • Confirm the details and tap Save or Done.
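
The takeover described above depends on a voicemail PIN that can be derived from the phone number. The following Python check is an added example, not part of the original article and not WhatsApp or carrier code; it flags a voicemail PIN or six-digit two-step PIN that is guessable. The function names, the rules beyond the "last four digits" default, and the sample phone number are assumptions constructed for illustration.

```python
import re

def digits_only(value: str) -> str:
    """Strip spaces, dashes and '+' so only the digits of a number remain."""
    return re.sub(r"\D", "", value)

def is_sequential(pin: str) -> bool:
    """True for runs such as 1234, 4321 or 7890 (wrapping past 9)."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})

def pin_weaknesses(pin: str, phone_number: str, min_len: int = 4) -> list[str]:
    """Return the reasons a PIN is guessable; an empty list means no rule fired."""
    if not (pin.isascii() and pin.isdigit()) or len(pin) < min_len:
        return [f"must be at least {min_len} digits"]
    phone = digits_only(phone_number)
    issues = []
    # The default described in the article: PIN == last digits of the number.
    if pin == phone[-len(pin):]:
        issues.append("matches the last digits of the phone number")
    elif pin in phone:
        issues.append("appears inside the phone number")
    if len(set(pin)) == 1:
        issues.append("single repeated digit")
    if is_sequential(pin):
        issues.append("ascending or descending sequence")
    half = pin[: len(pin) // 2]
    if len(pin) % 2 == 0 and half * 2 == pin and len(set(pin)) > 1:
        issues.append("repeated pattern")
    return issues

if __name__ == "__main__":
    # Constructed sample number, not a real subscriber.
    number = "+62 812-5550-0147"
    for candidate in ("0147", "5550", "1234", "1212", "7391", "500147"):
        print(candidate, pin_weaknesses(candidate, number) or "no rule fired")
```

Pass `min_len=6` when checking a WhatsApp two-step verification PIN, which is six digits long.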