Israel’s cybersecurity agency has issued a countrywide alert warning people of a scary WhatsApp hack, one that revolves around voicemail security.
Found nearly a year ago, the hack is more of a trick that gives unauthorized WhatsApp access to a hijacker. It has already been used to trigger a wave of hackingincidents in the Middle Eastern country.
Here are the details.
Unauthorized voicemail access is the key
The hackers, as the agency warned, are gaining WhatsApp access by using voicemail accounts of the targeted users.
Voicemail accounts are pin-protected, but in most cases, people do not change their default pin (either 0000 or 1234), giving hackers a window to attack.
They can remotely access the voicemail at night (or when the real-user is away) and can ultimately hack WhatsApp.
But, how WhatsApp can be compromised with voicemail?
Logging into WhatsApp (on a new device) requires phone number verification, where the service sends a security code to the number.
Normally, this should warn the real user of a potential attack, but if they’re asleep or away, the code won’t raise any alarms.
Following some text alerts, the service delivers the code via call, which, if not answered, would go straight to voicemail.
Final blow after code access
Once the call lands in voicemail, the hacker can easily get the verification code and follow the next steps to login into WhatsApp on their device.
Next, as you imagine, they can not just read your messages or download already sent media, but can also enable two-step verification to make sure you cannot get back to your WhatsApp account.
How to prevent such attacks?
The best way out, as the agency warning noted, is to change the PIN for voicemail accounts, immediately.
Not to mention, users should make sure that two-step verification is already enabled on their WhatsApp account.
This way, WhatsApp would seek a 6-digit PIN on every new login, keeping potential hackers at bay.