Application security

New WhatsApp account hijacking technique detailed

Sophisticated threat actors could leverage a call forwarding technique to hack into WhatsApp accounts and access users' messages and contacts list, BleepingComputer reports. CloudSEK founder and CEO Rahul Sasi said that using call forwarding for WhatsApp account hijacking would require attackers to have their targets' phone numbers, as well as perform social engineering tactics. Potential victims would have to be convinced to communicate with a number using a Man Machine Interface code enabled by mobile carriers for call forwarding. "First, you receive a call from the attacker who will convince you to make a call to the following number **67* or *405*. Within a few minutes, your WhatsApp would be logged out, and the attackers would get complete control of your account," said Sasi, who added that once the call forwarding lure is successful, attackers would activate the option to receive one-time passwords through voice calls. Threat actors could then register the WhatsApp account on their device and block legitimate owners through two-factor authentication, according to Sasi.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.