There's a new way to steal WhatsApp accounts. According to the Israeli agency responsible for cybersecurity, attacks can be carried out without any interaction with victims or without them even knowing they are being affected. To do this, hackers only need their phone numbers.
According to the security expert Sophos, cybercriminals take advantage of the tendency for users to never change the default credentials provided by voice mail access providers associated with their telephone numbers. In this sense, hackers make a request to register the victims' phone number in the WhatsApp application. To verify the legitimacy of the user, the App sends a six-digit verification code via an SMS to the victim's phone.
According to the specialist explains, in a normal scenario, the victims would see the message and be alert that they were receiving a notification of something not requested. However, hackers make the attack at night, during bedtime or in other situations where the phone is in "do not disturb" mode. Although the hacker does not have access to the written code sent by the social network, it executes an automatic call to its number with a message reading the respective digits sent. When you do not accept the call, it is registered to voice mail.
With the message stored in voicemail, the next phase of hacking is exploiting a security breach of many telecom carriers. Using the numbers provided to your customers to call and listen to your recorded messages, the only security system is a four-digit PIN code. And this is where users fail to change their credentials, which by default can be "0000" or "1234", for example.
After accessing the WhatsApp code, deposited in voicemail, hackers complete the transfer of the social network account to their devices. And to prevent victims from reclaiming their credentials, criminals can still turn on two-factor authentication.
To prevent you from being the victim of similar attacks, experts suggest enabling two-factor authentication in the application settings.