Sometimes the simplest techniques are the most dangerous. Zuk Avraham, a cybersecurity researcher who specializes in mobile systems, publicly shared on Twitter a formidable technique that would allow a hacker to hack into an account. The WhatsApp.
Voicemail attack
The action shared by Zuk requires the owner of the WhatsApp account to be asleep. why ? Because smartphone users usually turn off their devices before going to sleep or activate airplane mode. Thus, phone calls are cut off and forwarded to voicemail. To access your account, a potential hacker may only need to ask for your phone number to log in. An SMS has been sent, but the phone is not connected, and this message remains on hold. So the hacker makes a new test using WhatsApp call verification.
The automatic service calls your number and leaves a message with the identification number on the answering machine. The hacker can then access the latter simply by remote messaging. Most operators offer a service to remotely consult these voice messages. Only mobile phone number and pin code are required to access the answering machine. However, the secret code is most often four digits long, and sometimes by default consists of the last four digits of a phone number (abroad at least). Thus, access to the messaging is facilitated for the hacker who can then listen to the message, write the WhatsApp code, and gain access to your account.
Once the account is hacked, The whatsapp account recovery process takes several days.. During this time, the hacker might try to phish your contacts or spread malware in your chats.
To avoid this type of attack, Zuk Avraham recommends changing your voicemail code and setting up additional authentication in WhatsApp, especially via email. A simple yet massive attack that may have been used by malicious hackers.