WhatsApp has once again caused dismay among people worldwide after a new hack on the messaging platform that could give cybercriminals access to users' accounts.
According to Naked Security, a blog run by British security company Sophos, cybercriminals attempt to gain access to a victim's WhatsApp account by taking advantage of weakly secured voicemail inboxes.
Israel's National Cyber Security Authority issued a nationwide warning as attacks turned out to be rife.
How Is the Hack Carried Out?
The attackers first try to install the WhatsApp application on their own phone using a legitimate user's phone number.
WhatsApp attempts to confirm the login attempt by sending a six-digit verification code through text message to the victim's telephone.
Hackers attempt to do this at a time when the victim may not be checking their phone, such as at night.
WhatsApp then gives users the option of receiving the six-digit code via a phone call with an automated message.
Since the victim is not checking their phone, the automated message goes to their voicemail.
The hacker then takes advantage of a security flaw in many telecommunications networks, which provide customers with a generic phone number to call to retrieve their voicemails.
For many voicemail inboxes, users only have to enter a four-digit PIN, which, if they have not changed it, is typically a simple default such as 0000 or 1234.
Hackers enter the password and gain access to the victim's voicemail inbox, thereby letting them listen to the pre-recorded message from WhatsApp that contains the six-digit code.
They enter that code into their own device, giving them full access to the victim's WhatsApp account.
Making matters worse, especially savvy hackers can set up two-factor authentication for the WhatsApp account, which requires users to enter a unique PIN code if they want to re-verify their phone number.
This prevents the victim from regaining control over their personal phone number, Sophos noted.
Turn on Two-Factor Authentication
The attack was first documented by Ran Bar-Zik, a web developer at Oath, but resurfaced in a new report by ZDNet.
Israeli security officials have warned that the attack has been on the rise in recent weeks.
They recommend that users turn on two-factor authentication on their accounts, which adds an extra layer of security.
"Using application-based 2FA...mitigates a lot of the risk, because these mobile authentication apps don’t rely on communications tied to phone numbers," Sophos researchers explained.
Users can do that by navigating to Settings in WhatsApp, then tapping 'Account.' Navigate to the 'Two-step verification' heading and tap 'Enable.'
The experts further say users should make sure they have a beefed-up PIN on their voicemail inbox.
According to internet security provider Norton, the shorter and less complex your password is, the quicker it can be for a password-guessing program to come up with the correct combination of characters.