WhatsApp, Facebook’s social messaging service that is hugely popular around the globe, is prone to being hijacked by someone else if a user is not careful enough.
The newly discovered trick, which is doing the rounds, allows anyone to take over a user’s WhatsApp account using nothing more than the target’s phone number and physical access to the phone itself. The process is surprisingly simple, as shown in a video posted to YouTube, and oddly enough, it works on all platforms.
According to the video, the process of taking control of a WhatsApp account goes something like this. First, someone tries to set up WhatsApp on a new phone using the target’s phone number. At this point, WhatsApp calls that number, ringing the target’s phone, and gives whoever answers a PIN that must be entered to authenticate the account. The thing is, if the person trying to steal the account has access to the target’s phone, they can answer the call and get the code themselves. Since an incoming call can be answered without unlocking the phone, no PIN or password stands between the malicious person and the phone call carrying the WhatsApp PIN.
Things get worse on iPhone if Siri is thrown into the mix. Anyone who has Siri configured to work from the lock screen and has their contact details set up in Siri’s settings has effectively given everyone access to their phone number without the need for a PIN. So even if the person stealing the account doesn’t have the target’s phone number initially, they can get it easily enough by calling themselves from the target’s phone using Siri.
As mentioned above, this is by design and not really a flaw in WhatsApp, or in Siri for that matter. Be extra careful about who you lend your phone to, and don’t leave it unattended for long periods with strangers around.
You’ve been warned.
(Source: YouTube)