WhatsApp can be hijacked – keep an eye on your devices!

SOURCE: https://bit.ly/1Kl7Egf

Facebook-Whatsapp-takeover_classibloggerIn fact, in January, it was the most popular messaging app on the planet, with more than 600 million active users, and by April it blew that number away, zooming up to 800 million active users.

That’s quite a lot of chitchat!

 

Of course, the little app that Facebook paid a whole lot of money for last year has had its share of security/privacy thrills and chills, such as spilling the beans about when you’re online; privacy holes that could lead to a bit of a private-image peepshow; another blunder that involved using non-secret information to construct secret encryption keys (which is a bit likeusing your pet’s name as a password); and then there was the two-time use of a one-time pad: a cryptographic technique requiring, as its name suggests, that you never re-use its key material.

The latest WhatsApp episode isn’t quite such a nail-biter, though, as it’s not a hole, per se. It’s more of a warning about the dangers of not keeping an eye on your gadget.

To wit: as The Hacker News reports, the WhatsApp account of every one of those 800 million(!) active users can be hijacked, without unlocking or knowing the device password.

Technical knowledge required: about zero.

Basically, all a wrongdoer needs is to know the phone number of a target and to get access to their phone – even if it’s locked – for a few seconds.

It doesn’t matter if the victim has a lock screen enabled on their phone, since that won’t block the hijacker from answering an authentication call and intercepting the (supposedly) secret PIN needed to set up the hijacked Whatsapp account on another phone.

The Hacker News notes that this gets nastier still with an iPhone that has Siri enabled on the lock screen, given that Siri can be persuaded to divulge all manner of contact details or notifications, “effectively giving everyone access to their phone number without the need for a PIN.”

whatppsecuityBut given that it’s part of the account setup mechanism, I’m assuming he or she will tell me that, well, it’s not a bug, since it’s part of the account setup mechanism.

But it is a good reminder to keep an eye on your devices when you’re out and about!

Oh, and if you have an iPhone, you may want to disable Siri on the lock screen.

Author: Amanda Walker

Share This Post On
Submit a comment

Submit a Comment