The simplest techniques are sometimes the most dangerous. Zuk Avraham, a cybersecurity researcher specializing in mobile systems, has just publicly shared on Twitter a formidable technique that would allow a hacker to take over a WhatsApp account.
An attack via voicemail
The procedure shared by Zuk requires the owner of the WhatsApp account to be sleeping. Why? Because smartphone users usually turn off their device or activate airplane mode before bedtime. Incoming calls then cannot reach the phone and are redirected to voicemail. To access your account, a potential hacker might just need to enter your phone number to log in. An SMS is sent, but since the phone is offline, the message remains pending. The hacker therefore makes a second attempt using WhatsApp's call verification.
The automated service calls your number and leaves a message containing the verification code on your voicemail. The hacker can then retrieve it simply through remote voicemail access. Most operators offer a service for consulting voice messages remotely. Only the mobile number and a secret code are required to access the voicemail. However, the secret code is often a four-digit number, sometimes set by default to the last four digits of the telephone number (abroad at least). Access to the voicemail is thus made easier for the hacker, who can then listen to the message, write down the WhatsApp code and access your account.
Once the account is hacked, the “WhatsApp account recovery process takes several days”. During this time, the hacker may attempt to scam your contacts or spread malware within your conversations.
To avoid this type of attack, Zuk Avraham recommends changing your voicemail code and setting up additional authentication in WhatsApp, especially by email. This is a simple but formidable attack that may well have been used by malicious hackers.
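The voicemail-code advice can be turned into a check that an operator or IT team runs over its own subscribers. The Python sketch below is an added example, not code from the article or from Zuk Avraham; the function names and sample records are constructed, and the repeated-digit and sequential rules are assumptions added on top of the "last four digits" default the article mentions.

```python
import re

def normalize_number(number: str) -> str:
    """Keep digits only so '+1 202 555 0147' and '12025550147' compare alike."""
    return re.sub(r"\D", "", number)

def voicemail_pin_findings(phone_number: str, pin: str) -> list[str]:
    """Return the reasons a voicemail code is weak; an empty list means none found."""
    if not pin.isdigit():
        return ["not-numeric"]
    findings = []
    digits = normalize_number(phone_number)
    if len(pin) <= 4:
        findings.append("short")  # four digits leave only 10,000 candidates
    # The default described in the article: code = last digits of the number.
    if len(pin) >= 4 and digits.endswith(pin):
        findings.append("matches-number-suffix")
    # Assumed extra rules (not from the article): 0000-style and 1234-style codes.
    if len(set(pin)) == 1:
        findings.append("repeated-digit")
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        findings.append("sequential")
    return findings

def audit(records: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Map each phone number with a weak code to its findings."""
    report = {}
    for number, pin in records:
        findings = voicemail_pin_findings(number, pin)
        if findings:
            report[number] = findings
    return report

# Constructed sample data (fictional 555-01xx numbers), not real subscribers.
SAMPLE = [
    ("+1 202 555 0147", "0147"),    # default: last four digits of the number
    ("+1 202 555 0162", "0000"),
    ("+1 202 555 0188", "4321"),
    ("+1 202 555 0113", "837261"),  # longer, unrelated code
]

if __name__ == "__main__":
    for number, findings in audit(SAMPLE).items():
        print(number, "->", ", ".join(findings))
```

A code that passes these checks still protects the account only if the operator also limits repeated guesses on remote voicemail access, which is outside what this check can see.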