The Infosec Lab Blog

WhatsApp Account Hijacking

With over 2 billion users worldwide, WhatsApp has become the primary messaging application for almost every smartphone user. Criminals have always gone wherever people communicate, and just as with older communication technologies, they now abuse weaknesses in how WhatsApp accounts are verified, and in how users behave, to target unsuspecting people.

In the past, software was often built without security in mind and security was bolted on afterwards (plain DevOps). Developers now have little option but to build security into every stage of the development lifecycle (DevSecOps). WhatsApp has tried to catch up by providing a number of security features, such as two-step verification, to keep its users and their data safe. It is up to the users to take advantage of these features.

Staying safe is a shared responsibility of the user and the application. As mentioned above, WhatsApp has done its part; the rest lies on the shoulders of the user.

Scammers now abuse the re-registration process to hijack WhatsApp accounts.

WhatsApp’s Re-registration Process

A WhatsApp account is tied to a phone number, not to a device. When WhatsApp is set up on a phone, a temporary six-digit verification code is sent to that phone number (by SMS or voice call), and entering the code on the device links it to the account. A number can only be active on one phone at a time, so a successful registration on a new device ends the session on the old one. In other words, whoever can enter a valid code for your number is treated as you, which is exactly what makes that code worth stealing.

How Scammers Hijack a User's Account

The victim usually receives a message from the already compromised account of someone they know, whether on Facebook, Twitter, SMS or WhatsApp itself, asking them to pass on a six-digit code they have just received. That code is WhatsApp's verification code: the attacker has started registering the victim's number on their own phone, and the code was delivered to the victim's handset.

Once the victim sends the code, the attacker enters it and takes over the account. To make matters worse, the attacker may then enable two-step verification with a PIN only they know, so that the victim cannot simply re-register to take the account back. The attacker now poses as the victim, messages the victim's contacts, and uses the same procedure to hijack their accounts in turn.

Consequences

Privilege escalation: if the victim is an admin of a WhatsApp group, the attacker inherits that role automatically and can remove all the other admins, leaving nobody able to evict them.

Information breach: in groups where sensitive information is shared, the attacker now receives everything posted there, which can amount to a serious data breach.

Lateral movement: WhatsApp is part of a larger family of social media applications that includes Facebook and Instagram, so the attacker may be able to reach those accounts as well. For a start, if the victim's Facebook page is connected to the WhatsApp number, the attacker may now be receiving messages sent to that page by its followers.

Impersonation and spoofing: unsuspecting contacts of the victim are likely to be tricked into performing various actions, such as sending money or sharing their own codes, because of the trust they place in the victim.

Mitigation

All is not lost when your account is hijacked. What matters is to act quickly to get it back. No matter how careful you are, there will be a moment of weakness that can be exploited at some point. The steps below will help you recover your account.

Information dissemination: inform those who matter about the situation, so that they ignore requests coming from your number. If you belong to any WhatsApp groups, ask the administrators to remove you from them until the issue is resolved.

Register again: set WhatsApp up again on your own phone with your number. You will receive a new verification code; this time enter it yourself and share it with nobody. Because a number can only be active on one phone, this automatically logs the attacker out. The situation becomes more complicated if the attacker has enabled two-step verification, since you will be asked for a PIN you do not know. There is no need to panic if that is the case: neither you nor the attacker will be able to use the account for 7 days, after which you can register again and have your account back.

Way Forward

Set up two-step verification on your WhatsApp account, so that a verification code alone is not enough to register your number on another phone.
As a safety rule, never give out any PIN or one-time password/verification code to anyone, whatever the pretext.
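To make the mechanics above concrete, the following toy model of phone-number registration with a one-time code and an optional two-step verification PIN is an added example written for this post; it is not WhatsApp's code. It replays the attack from the "How Scammers Hijack a User's Account" section and the recovery from the "Mitigation" section twice, once against an account without two-step verification and once with it enabled. The code lifetime, the device names, the phone number and the PIN values are constructed for the example; the 7-day wait is the one the post describes.

```python
"""Toy model of OTP-based registration with an optional two-step PIN.
Added example, not WhatsApp's code; timings and names are assumptions."""
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

DAY = 86400
OTP_TTL = 600          # assumption: a registration code is valid for 10 minutes
LOCKOUT_DAYS = 7       # the no-PIN wait described in the post


@dataclass
class Account:
    phone: str
    device: Optional[str] = None          # device holding the live session, if any
    pin: Optional[str] = None             # two-step verification PIN, if enabled
    pending_otp: Optional[str] = None
    otp_issued_at: float = 0.0
    reset_started_at: Optional[float] = None


class RegistrationServer:
    """One live device per phone number; a valid code moves the session."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}

    def request_code(self, phone: str, now: float) -> str:
        # Anyone can request a code for any number. It is delivered to the
        # number's owner, so possession of the code is taken as proof of ownership.
        acct = self.accounts.setdefault(phone, Account(phone))
        acct.pending_otp = f"{secrets.randbelow(10 ** 6):06d}"
        acct.otp_issued_at = now
        return acct.pending_otp

    def verify(self, phone: str, otp: str, device: str, now: float,
               pin: Optional[str] = None) -> str:
        acct = self.accounts[phone]
        if acct.pending_otp is None or now - acct.otp_issued_at > OTP_TTL:
            return "code_expired"
        if not hmac.compare_digest(otp, acct.pending_otp):
            return "bad_code"
        acct.pending_otp = None                    # a code is single use
        if acct.pin is not None:
            if pin is None:
                # A valid code ends the old session but grants no new one;
                # the first attempt without the PIN starts the 7-day clock.
                acct.device = None
                if acct.reset_started_at is None:
                    acct.reset_started_at = now
                    return "pin_required"
                if now - acct.reset_started_at < LOCKOUT_DAYS * DAY:
                    return "pin_required"
                acct.pin = None                    # wait is over: PIN is cleared
            elif not hmac.compare_digest(pin, acct.pin):
                return "bad_pin"
        acct.device = device                       # old session (if any) is ended
        acct.reset_started_at = None
        return "registered"

    def enable_two_step(self, phone: str, device: str, pin: str) -> bool:
        acct = self.accounts[phone]
        if acct.device != device:                  # only the live session may set it
            return False
        acct.pin = pin
        return True


def hijack(victim_has_two_step: bool) -> Dict[str, object]:
    """Replay the post's attack against a constructed number and report each step."""
    srv = RegistrationServer()
    phone = "+15550100"                            # constructed sample number
    t = 0.0
    srv.verify(phone, srv.request_code(phone, t), "victim-phone", t)
    if victim_has_two_step:
        srv.enable_two_step(phone, "victim-phone", "482913")

    # The attacker starts re-registration; the code lands on the victim's handset
    # and the victim, tricked by a message from a compromised contact, forwards it.
    t += 60
    leaked_code = srv.request_code(phone, t)
    attack = srv.verify(phone, leaked_code, "attacker-phone", t + 30)
    out: Dict[str, object] = {"attack": attack,
                              "holder_after_attack": srv.accounts[phone].device}
    if attack != "registered":
        # The attacker's code entry still ended the victim's session, but
        # re-registering with the PIN restores it immediately.
        t += 300
        out["victim_recovery"] = srv.verify(phone, srv.request_code(phone, t),
                                            "victim-phone", t, pin="482913")
        out["holder_after_recovery"] = srv.accounts[phone].device
        return out

    # Attacker sets a PIN so the victim cannot simply re-register.
    srv.enable_two_step(phone, "attacker-phone", "000000")
    t += 300
    out["victim_retry"] = srv.verify(phone, srv.request_code(phone, t), "victim-phone", t)
    out["holder_during_lockout"] = srv.accounts[phone].device
    t += LOCKOUT_DAYS * DAY
    out["victim_after_wait"] = srv.verify(phone, srv.request_code(phone, t), "victim-phone", t)
    out["holder_after_wait"] = srv.accounts[phone].device
    return out


if __name__ == "__main__":
    print("without two-step:", hijack(False))
    print("with two-step:   ", hijack(True))
```

Without two-step verification the leaked code alone moves the session to the attacker's phone, the victim's first re-registration attempt only ends the attacker's session and starts the 7-day clock, and the account comes back after the wait. With two-step verification enabled beforehand, the same leaked code gets the attacker no further than the PIN prompt, and the victim is back in as soon as they re-register with their PIN.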
