WhatsApp has revealed a new method by which user accounts can be stolen by hackers, a warning even sent by the office of the prime minister of Israel alerting many users. It seems that the method was successfully tried in Israel, where the WhatsApp accounts of several people were stolen by this method by hackers, and since the alert comes directly from the head of the government, it is clear that the problem is serious.
WhatsApp can be the target of an account theft attack through a method that involves using the user's voicemail to retrieve the network authentication code using a cloned SIM card. Basically, a hacker who clones a SIM card, and wants to log in to WhatsApp, can use an authentication code taken from a voicemail, and can have access to all the conversations that the real user receives on his own phone number.
WhatsApp: ATTENTION NEW method to STEAL ACCOUNTS
WhatsApp can have the account stolen by this method if the user has not changed the password for accessing the voicemail online through a website or an application for mobile terminals. Many operators offer the possibility to remotely access a voice box to listen to messages, and thus hackers can steal people's WhatsApp accounts, if they have not changed their access password in the system that allows remote reading of voice messages.
"The general idea is that users who have voicemail accounts for their phone numbers are at risk if they don't change that account's default password, which in most cases tends to be either 0000 or 1234. The possibility of an account takeover happens when an attacker tries to add a legitimate user's phone number to a new WhatsApp app installation on his own phone. Following normal security procedures, the WhatsApp service would then send a one-time code via SMS to that phone number. This would typically alert a user to an ongoing attack, but Bar-Zik argues that a hacker could easily avoid this by carrying out the attack during nighttime or when he is sure the user is away from his phone. After several failed attempts to validate the one-time code sent via SMS, the WhatsApp service would then prompt the user to perform a "voice verification," during which the WhatsApp service would call the user's phone and speak the one-time verification code out loud."
WhatsApp cannot have the account stolen very easily, it is necessary to go through quite strict steps for the hacker to have access to the account, but those with a lot of patience can do the whole operation in one night. In Romania, I don't know how many mobile phone operators allow voicemail access via the Internet, but if you have such a service, it would be good to change the standard password that was set when it was activated, because your data can easily be stolen.
