October 8, 2018
A recent wave of hacking attacks continues, with new reports of Israeli WhatsApp accounts being hijacked by unknown intruders. In response, the government’s cybersecurity agency sent out a nation-wide alert on Tuesday.
The alert states that a new method of hijacking WhatsApp accounts has been detected. According to the Israel National Cyber Security Authority, the method abuses the voicemail systems operated by mobile providers. It was first uncovered last year by Ran Bar-Zik, a web developer at Oath, and it relies on the voicemail accounts of users who have never changed the default password.
How does the attack work?
Account hijacking begins when an attacker adds another user’s phone number to a freshly installed WhatsApp on their own device. As part of its normal security procedure, WhatsApp sends a verification code to that phone number via SMS. Normally the user would notice the code arriving and realise that something is going on. If the attack is timed for when the phone is not in use, at night for example, the attacker has time to work through the SMS verification step without the victim noticing.
After several failed attempts, WhatsApp falls back to voice verification: the service calls the user and reads the verification code aloud. If the targeted user does not pick up, the message ends up in their voicemail. From this point, all the hacker needs is access to the victim’s voicemail, which they obtain using the default PIN. They retrieve the code and enter it into their own WhatsApp. The victim’s phone number is now linked to the app on the hacker’s device, and the account has been hijacked from its real owner.
This is where the real problem for the legitimate user arises: the hacker can now easily enable two-step verification, which effectively prevents the real user from recovering the account, since recovery requires a six-digit code that only the hacker knows. Worse, no technical skill is needed to carry out this process, and no equipment beyond a smartphone with the free WhatsApp application.
The method has apparently become popular among hackers in Israel and has been used on a large scale over the last several weeks. Because of this, the alert urges users to change their default voicemail password immediately and replace it with a strong one. Users can also enable two-step verification themselves.
While the alert was released by the Israeli authorities, WhatsApp users around the world could fall victim to this method. Bar-Zik himself confirmed that this is a well-known method and that it has nothing to do with Facebook.
Many have argued that the attack could also be prevented if telecommunications companies did not use the same password for all of their customers. Security researcher Martin Vigo has also found that the same technique can be used to hijack other accounts, including Facebook, Twitter, PayPal, WordPress, eBay, and even Google. He created a tool called Ransombile that automates such attacks.
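The takeover chain above, and the two user-side fixes the alert recommends, as an added defender-side example (not the article’s, WhatsApp’s or any carrier’s code). It checks a voicemail PIN against weak patterns a mailbox policy should reject and reports at which step the chain is cut; it generalises the article’s “default PIN” to any PIN the policy flags as weak. The default-PIN list, the sample phone number and the class and function names are constructed for illustration.

```python
"""Defender-side model of the voicemail hijack described above (added example,
not the article's or WhatsApp's code). It checks a voicemail PIN against the
weak patterns a mailbox policy should reject and reports at which step the
takeover chain is cut. Names, the default-PIN list, the sample phone number
and the flow itself are constructed for illustration."""
from dataclasses import dataclass
from typing import List

# Constructed placeholders for carrier-wide defaults a policy should never accept.
COMMON_DEFAULT_PINS = {"0000", "1234", "1111", "9999"}

def voicemail_pin_problems(pin: str, phone_number: str) -> List[str]:
    """Return the reasons a PIN is weak; an empty list means it passes."""
    if not (pin.isdigit() and 4 <= len(pin) <= 10):
        return ["must be 4 to 10 digits"]
    digits = "".join(ch for ch in phone_number if ch.isdigit())
    problems = []
    if pin in COMMON_DEFAULT_PINS:
        problems.append("carrier default or universal PIN")
    if len(set(pin)) == 1:
        problems.append("single repeated digit")
    if pin in "0123456789" or pin in "9876543210":
        problems.append("ascending or descending sequence")
    if pin in digits:
        problems.append("taken from the phone number itself")
    return problems

@dataclass
class VictimAccount:
    phone_number: str
    voicemail_pin: str
    owner_reachable: bool           # False models the night-time case in the article
    two_step_enabled: bool = False  # WhatsApp two-step verification switched on

def hijack_outcome(victim: VictimAccount) -> str:
    """Report where the voicemail takeover chain is cut; generalises the article's
    'default PIN' to any PIN the policy above flags as weak."""
    # SMS codes land on the victim's handset, which the attacker cannot read,
    # so after the retry limit the service falls back to a voice call.
    if victim.owner_reachable:
        return "blocked: owner answered the verification call"
    # The spoken code is now in voicemail, guarded only by the mailbox PIN.
    if not voicemail_pin_problems(victim.voicemail_pin, victim.phone_number):
        return "blocked: voicemail PIN is neither default nor guessable"
    # The attacker has the code; two-step verification is the last gate.
    if victim.two_step_enabled:
        return "blocked: two-step verification PIN required"
    return "hijacked: number re-registered on attacker's device"
```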