
How the WhatsApp hijacking technique works and how you can protect WhatsApp

How is it even possible that the richest man’s mobile phone can be hacked with a simple WhatsApp message? Just a few months ago it was discovered that Jeff Bezos’ smartphone was compromised using a malicious video that Amazon’s founder received via WhatsApp. Now imagine how exposed the smartphones of ordinary users are, when many of them do not bother with, or are not even aware of, basic security settings on their mobile devices and apps. This incident caused millions of users to start worrying about the privacy of their messages and the security of their devices, say cyber security awareness specialists.

While there are multiple methods to protect a WhatsApp account, it is necessary to mention that, when a threat actor is dedicated, skillful and stealthy enough, it is highly likely that he or she will be able to take control of a target user’s account, which would also compromise the victim’s mobile device. Recently a new method to hijack a WhatsApp account was revealed, which is described below.

According to cyber security awareness experts, when someone buys a new smartphone and installs their accounts and apps using security backups, WhatsApp sends the user a verification code to the new phone. This code serves to validate the new phone and the user can restore their contacts and even recover their conversations if backups were created; otherwise, chats will appear empty.

WHAT IS THIS ATTACK ABOUT?

This would open the door to hackers, who could recover any user’s WhatsApp account on a new device by simply intercepting the validation code. Using a conventional smartphone, hackers install WhatsApp and begin searching for a potential victim.

The attack depends on access to the victim’s smartphone, so the threat actors need to be close to the target user. After downloading the app, the hackers enter the victim’s phone number into the new account. By staying close to the target smartphone, hackers can obtain the verification number sent to the victim, allowing them to validate the attacked account on their own smartphone and take control of the victim’s information.

While in some cases hackers do not have access to conversations between two users, they can access chat groups, including multimedia content that is shared on WhatsApp.

HOW TO PREVENT THIS ATTACK?

According to cyber security awareness experts, one of the basic security measures is to disable the preview of SMS messages (and any other notifications) on the smartphone lock screen. This feature might expose important information if the user is not careful enough.

In addition, users should not leave their smart devices unattended. As with any other valuable object, physical safeguarding is critical.

Finally, the International Institute of Cyber Security (IICS) recommends implementing the two-step verification feature on WhatsApp, which helps mitigate the risk of access by an unidentified user. To enable this feature:

  • Go to Settings/Account/Two-Step Verification and click Activate. In that menu, enter a six-digit code. Choose one you can remember later.
  • Enter your email address to add an additional layer of security. Finally, you’ll see the two-step verification confirmation enabled on your smartphone.