{"id":21097,"date":"2023-01-26T16:10:17","date_gmt":"2023-01-27T00:10:17","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2023\/01\/26\/news-14830\/"},"modified":"2023-01-26T16:10:17","modified_gmt":"2023-01-27T00:10:17","slug":"news-14830","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/01\/26\/news-14830\/","title":{"rendered":"WhatsApp hijackers take over your account while you sleep"},"content":{"rendered":"<p>Late last week, Twitter user Zuk (<a rel=\"noreferrer noopener\" href=\"https:\/\/twitter.com\/ihackbanme\" target=\"_blank\">@ihackbanme<\/a>) tweeted an issue about WhatsApp that has the potential to turn heads.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The recent WhatsApp accounts takeover is simple and genius. <\/p>\n<p>This is how it works:<br \/>You&#8217;re sleeping.<br \/>A &#8220;hacker&#8221; tries to login to your account via WhatsApp.<br \/>You get a text message with a pincode that says &#8220;Do not share this&#8221;.<\/p>\n<p>You don&#8217;t share it, yet you still get hacked. <\/p>\n<p>How?<\/p>\n<p> &mdash; Zuk (@ihackbanme) <a href=\"https:\/\/twitter.com\/ihackbanme\/status\/1616192784960217088?ref_src=twsrc%5Etfw\">January 19, 2023<\/a><\/p><\/blockquote>\n<p>He explains that&nbsp;attackers can take advantage of two things: a user&#8217;s availability and how identity verification works on WhatsApp.<\/p>\n<p>A user who is not available to respond to verification checks&mdash;whether they&#8217;re asleep, in-flight, or have simply set their smartphone to &#8220;do not disturb&#8221;&mdash;may be at risk of losing their WhatsApp account. All an attacker needs is their target&#8217;s phone number.<\/p>\n<p>Here&#8217;s how it works.&nbsp;<\/p>\n<p>The attacker attempts to log in to a WhatsApp account. 
As part of the verification process, WhatsApp sends an SMS with a PIN to the phone number tied to the account.<\/p>\n<p>The user is unavailable so doesn&#8217;t realise there is a suspicious login. The attacker then tells WhatsApp that the SMS didn&#8217;t arrive and asks for verification by phone call.<\/p>\n<p>Since the account owner is still unavailable and cannot pick up the call, the call&nbsp;goes to the&nbsp;number&#8217;s voicemail. Knowing the target&#8217;s phone number, the attacker then attempts to access their voicemail by keying in the last four digits of the user&#8217;s mobile number, which is usually the default PIN code to access the user&#8217;s voicemail.<\/p>\n<p>The attacker then has the WhatsApp verification code, and can use it to access the victim&#8217;s WhatsApp account. They can then set up their own 2FA (two-factor authentication) on it, leaving the actual&nbsp;owner locked out of their own account.<\/p>\n<p>Once the account has been hijacked, the attacker could use it to&nbsp;hijack accounts of the user&#8217;s contacts, spread malware, or hold the account hostage until the owner pays up to get it back.<\/p>\n<h2>How to protect your own WhatsApp account<\/h2>\n<p>This isn&#8217;t a new tactic, and has been around for a while, but there are two pretty simple things you can do to avoid it happening to you.<\/p>\n<p>1. Change the default PIN of your voicemail.<\/p>\n<p>2. Enable <a href=\"https:\/\/faq.whatsapp.com\/1920866721452534\" target=\"_blank\">two-step verification<\/a>&nbsp;on your WhatsApp account:<\/p>\n<ul>\n<li>Open Settings.<\/li>\n<li>Tap&nbsp;<strong>Account<\/strong>&nbsp;&gt;&nbsp;<strong>Two-step verification<\/strong>&nbsp;&gt;&nbsp;<strong>Enable<\/strong>.<\/li>\n<li>Enter a six-digit PIN.<\/li>\n<li>Enter an email address, or tap&nbsp;Skip&nbsp;if you don&rsquo;t want to. 
WhatsApp says it recommends adding an email address so you can&nbsp;reset two-step verification if you need to.<\/li>\n<li>Tap&nbsp;Next.<\/li>\n<li>Confirm the details and tap&nbsp;Save&nbsp;or&nbsp;Done.<\/li>\n<\/ul>\n<p>Stay safe!<\/p>\n<hr \/>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/01\/protect-your-whatsapp-account-against-actors-who-try-to-steal-it-while-you-sleep\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<table cellpadding=\"10\">\n<tr>\n<td valign=\"top\" align=\"left\">\n<p>Categories: <a href=\"https:\/\/www.malwarebytes.com\/blog\/category\/news\" rel=\"category tag\">News<\/a><\/p>\n<p>Tags: WhatsApp<\/p>\n<p>Tags:  Zuk<\/p>\n<p>Tags:  @ihackbanme<\/p>\n<p>Tags:  voicemail attack<\/p>\n<p>Tags:  WhatsApp hack<\/p>\n<p>There&#8217;s an easy way to protect yourself. 
Here&#8217;s how.<\/p>\n<table width=\"100%\">\n<tr>\n<td align=\"right\">\n<p><b>(<a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/01\/protect-your-whatsapp-account-against-actors-who-try-to-steal-it-while-you-sleep\" title=\"WhatsApp hijackers take over your account while you sleep\">Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/01\/protect-your-whatsapp-account-against-actors-who-try-to-steal-it-while-you-sleep\">WhatsApp hijackers take over your account while you sleep<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[28452,32,28453,10440,28454,28451],"class_list":["post-21097","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-ihackbanme","tag-news","tag-voicemail-attack","tag-whatsapp","tag-whatsapp-hack","tag-zuk"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/21097","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=21097"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/21097\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-
json\/wp\/v2\/media?parent=21097"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=21097"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=21097"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}