How to easily hack a WhatsApp Account?

TheHackerNews has reported a simple trick that allows to hijack a WhatsApp account easily on every mobile platform by knowing the victim’s phone number.

The popular mobile messaging app WhatsApp is vulnerable to hijacking exposing hundreds of Millions of users vulnerable to attack. It could be quite easy to take over a WhatsApp account when the attacker has the phone number of the victim., even if it is locked

The attack also works in case the mobile device is locked, it doesn’t exploit any vulnerability in the popular messaging app, instead it relies on the way the account setup mechanism works are implemented by WhatsApp.

As reported by the colleagues by TheHackerNews I’m not encouraging users to hack others WhatsApp account, but the purpose of publishing this post is to warn its users about possible risks. It is a good practice not to leave it unattended the mobile device for longer durations.

The trick could be exploited by the attacker to get full control over the victim’s account and works for every mobile platform.

By choosing the right time, for example, when the victim goes away to do something (2 minutes it’s enough), the attacker just needs to perform the following actions:

  • Download WhatsApp and create a new account
  • When creating the new account use your victim’s number
  • In the process of creating the account ask WhatsApp to call the victim number to provide you with the PIN code.
  • Since you are in front the victim’s mobile phone you can accept the call from WhatsApp

Now you know the pin code, you can finish up the account creation and you will have access to your friend’s WhatsApp’s. Now assume that your victim has all his private conversations backup and you can restore all his/her chat history.  Great, right?

Using this known and simple trick your colleagues can hijack your WhatsApp Account easily.

If the target uses an iPhone the hack is quite simple, especially when the owner has configured the iPhone with Siri authentication for the lock screen. In this case all the contact details are available to access the Siri’s settings, this means that an attacker can access them without the need for a PIN. In this case, the attacker can easily discover the victim’s phone number.

“Thus, if you try to steal the account information of WhatsApp, without even having the phone number of the target user, you can just call your number from target’s phone using Siri.target’s phone using Siri.” states THN.

Below the video PoC for the WhatsApp hack.

 

Pierluigi Paganini

(Security Affairs –  WhatsApp, Hacking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

London hospitals canceled over 800 operations in the week after Synnovis ransomware attack

NHS England confirmed that multiple London hospitals impacted by the ransomware attack at Synnovis were…

9 hours ago

DORA Compliance Strategy for Business Leaders

In January 2025, European financial and insurance institutions, their business partners and providers, must comply…

1 day ago

CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel, Microsoft Windows, Progress Telerik Report…

2 days ago

City of Cleveland still working to fully restore systems impacted by a cyber attack

Early this week, the City of Cleveland suffered a cyber attack that impacted multiple services.…

2 days ago

Two Ukrainians accused of spreading Russian propaganda and hack soldiers’ phones

Ukraine’s security service (SBU) detained two individuals accused of supporting Russian intelligence in spreading propaganda…

2 days ago

Google fixed an actively exploited zero-day in the Pixel Firmware

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively…

3 days ago

This website uses cookies.