How to easily hack a WhatsApp Account?

As reported by the colleagues by TheHackerNews I’m not encouraging users to hack others WhatsApp account, but the purpose of publishing this post is to warn its users about possible risks. It is a good practice not to leave it unattended the mobile device for longer durations.

The trick could be exploited by the attacker to get full control over the victim’s account and works for every mobile platform.

By choosing the right time, for example, when the victim goes away to do something (2 minutes it’s enough), the attacker just needs to perform the following actions:

• Download WhatsApp and create a new account
• When creating the new account use your victim’s number
• In the process of creating the account ask WhatsApp to call the victim number to provide you with the PIN code.
• Since you are in front the victim’s mobile phone you can accept the call from WhatsApp

Now you know the pin code, you can finish up the account creation and you will have access to your friend’s WhatsApp’s. Now assume that your victim has all his private conversations backup and you can restore all his/her chat history.  Great, right?

Using this known and simple trick your colleagues can hijack your WhatsApp Account easily.

If the target uses an iPhone the hack is quite simple, especially when the owner has configured the iPhone with Siri authentication for the lock screen. In this case all the contact details are available to access the Siri’s settings, this means that an attacker can access them without the need for a PIN. In this case, the attacker can easily discover the victim’s phone number.

“Thus, if you try to steal the account information of WhatsApp, without even having the phone number of the target user, you can just call your number from target’s phone using Siri.target’s phone using Siri.” states THN.

Below the video PoC for the WhatsApp hack.