CAPE TOWN – A nationwide security alert has been sent out by the Israel National Cyber Security Authority warning users about a new method of hijacking WhatsApp accounts.
In a statement, the Israeli Prime Minister’s Office said that they have received several reports of private WhatsApp accounts being hacked.
How it is done is by using the mobile providers’ voicemail systems.
According to a report by ZDNet, it confirmed this method and said that users who have voicemail accounts with default passwords are at risk.
ZDNet states this is how the WhatsApp account takeover attack happens:
- The attacker tries to add a legitimate user’s phone number to a new WhatsApp installation on his own phone.
- WhatsApp’s security procedure will send a one-time code via SMS to the victim’s phone. This will alert the legitimate user of the attack, but if it happens when they are asleep, they will not know.
- Several failed SMS validation attempts result in WhatsApp prompting the user to do a “voice verification”. WhatsApp will call the victim’s phone and speak the one-time verification code.
- This code, which was phoned through by WhatsApp to the victim’s phone, will land up in voicemail if the victim does not answer.
- The attacker can now access the victim’s voicemail account and get access to the one-time code to hijack the victim’s WhatsApp account.
To prevent you or your family members of becoming victims to the WhatsApp account hacking method, users need to change their voicemail passwords and enable WhatsApp’s two-step verification.
BUSINESS REPORT ONLINE