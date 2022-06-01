There is a trick that allows attackers hijack a person’s WhatsApp account and access personal messages and to your contact list. This attack was discovered by the company CloudSEK and the specialized security media Bleeping Computer tested and found that the method works, albeit with some difficulties “that a sufficiently skilled attacker could overcome.”

How do they get it? Well, from what is known so far, the method is based on using an automated service from mobile phone operators and so on. forward calls to a different phone numberusing WhatsApp’s option to send a One Time Password (OTP) verification code via voice call.

WHATSAPP Tricks and tips to HIDE YOURSELF TO THE MAXIMUM and maintain your PRIVACY

A few minutes to get hold of WhatsApp

The attacker needs to know the phone number of the target to achieve his purpose. Getting the numbers is not that difficult. Last year, thanks to massive phishing attacks, some attackers took over the numbers of a large part of the Spanish citizenry. And also after an attack on Facebook.

According to experts, “it takes only a few minutes to take over a victim’s WhatsApp accountThe CloudSEK leader says that an attacker first needs to convince the victim to make a call to a number that begins with a Human-Machine Interface (MMI) code that the mobile operator has configured to allow forwarding of messages. calls.

A running USSD Code (or MMI code, as mentioned in the previous paragraph) appears when a code is dialed from the terminal from which a response is received from the network to perform some operation such as checking or activating diverts. They are usually codes that are preceded by symbols, such as * or #, which makes them different from a call, as Movistar makes clear.

Depending on the operator, a different MMI code can divert all calls to one terminal to a different number or only when the line is busy or there is no reception.

As they explain from the company that has discovered these attacks: “First, you receive a call from the attacker who will convince you to make a call to the following number **67* or 405. Within a few minutes, your WhatsApp would be taken offline and attackers would gain full control of your account.”

The investigator explains that the 10-digit number belongs to the attacker and the MMI code that precedes it instructs the mobile operator to forward all calls to the phone number specified behind it when the victim’s line is busy.

Once the victim has been tricked into forwarding calls to their number, the attacker starts the WhatsApp registration process on their device, choosing the option to receive the OTP via voice call. After obtaining the code OTP, the attacker can register the victim’s WhatsApp account on their device and activate two-factor authentication (2FA), which prevents the rightful owners from gaining access again.

Problems in the process

First, the attacker must ensure that they use an MMI code that forwards all calls, regardless of the state of the target device. “For example, if the MMI only forwards calls when a line is busy, call waiting can cause hijacking to fail,” they explain.

Another reported problem is that while someone is trying to steal their account, they receive messages on their WhatsApp informing them that WhatsApp was registering on another device.