Security has never been one of WhatsApp's strong points And it is that the messaging application has been created step by step , embracing new features and building along the way. Something that has not allowed it to have stable security barriers that make it impregnable against information theft, attacks by hackers or the possibility of altering your content, as long as you have the necessary tools and precise knowledgeHowever, the application has come up against it by applying patches and new barriers, such as message encryption Now we have discovered a new way to steal the WhatsApp account from another user that will make anyone's hair stand on end due to its simplicity.
This is a vulnerability with which a person can steal another's WhatsApp account and usurp your person, although not review all conversations. A problem discovered by security expert Chema Alonso, well known for finding flaws in security systems of different services. In this case, the process only needs to have the victim's mobile phone for at least five minutes, in addition to knowing their phone number phone, regardless of whether the terminal is locked
The idea is really simple. It is enough to have the victim's mobile phone at hand and another terminal where WhatsApp has just been installed When activating the application, all you have to do is enter the victim's phone number However, instead of corroborating the information with the classic SMS message with the security code, you have to request the call In this way the WhatsApp service calls to the victim's number to dictate the security code out loud to be entered into the new mobile.
This is where the biggest problem lies, since neither iPhone nor Android lock the terminal when a call is received. Thus, anyone can pick up the mobile and listen to said code, entering it in the other mobile to access their group conversations , to your contacts and to others chatsOf course, the message history is not available, so you won't be able to see old messages, or review old conversations where you can gossip about the contents, messages, photos, and videos. Although the possibilities of doing much harm are still there.
But the worst thing is that WhatsApp closes the user's account in his own terminal when activating it in the other. A period of 30 minutes during which the victim can do nothing but wait. And not only that. If the attacker continues to insist after that period, the waiting interval increases up to four hours , preventing the victim from being able to resume their chats. Also, when you do so, you won't be able to see what the attacker said on your behalf.
Apparently, the only way to prevent this from happening is blocking the phone number that WhatsApp uses to make the call with confirmation codeSomething that will prevent the attacker from using the system through his mobile.
http://youtu.be/uIZhSNgpmOY
Therefore, it is a good idea not to lose sight of the terminal at any time. And it is that only five minutes are necessary to be able to request activation by phone call Of course, for this you always have to have access to the victim's terminal A violation that the expert Chema Alonso has already de alt with notify WhatsApp, and we will have to wait to see how they resolve.
Images via: The Evil Side
