How WhatsApp hacking works

Hanno Labuschagne


While WhatsApp promises end-to-end encryption for all communications over the platform, attackers can still trick users into giving them the information needed to hijack their accounts.

WhatsApp’s security and privacy are in the spotlight after Iranian state television advised citizens to uninstall the app from their devices, alleging that its owner, Meta Platforms, shares user data with Israel.
 
Didn't the UK recently request and get a backdoor for WhatsApp in their country? Maybe I read wrong
 
Didn't the UK recently request and get a backdoor for WhatsApp in their country? Maybe I read wrong

Almost all countries have backdoors in WhatsApp. They can monitor you in real time and see your entire phone via this.

In May, the NSO Group—the Israeli firm which developed the Pegasus spyware—was ordered to pay WhatsApp $167m over a hacking campaign that targeted 1,400 users in 2019.

Why Iran Is Telling Residents to Delete WhatsApp Now | TIME

 
Stopped reading at no 2FA.

If you don't have 2FA activated for your accounts then you should not moan if your account got unauthorised access.

Also Afrihost needs to wake up and allow us to use an Authenticator and not the useless SMS OTP. How the heck it is not an option for such a big company boggles my mind.
 
They don't even need to hack WhatsApp.

We can assume that the US, Israel, etc. all have countless 0-days for Android and iOS devices. If you can hack the entire device, there isn't really a need to hack the actual WhatsApp application.
 
They don't even need to hack WhatsApp.

We can assume that the US, Israel, etc. all have countless 0-days for Android and iOS devices. If you can hack the entire device, there isn't really a need to hack the actual WhatsApp application.
WhatsApp requires authentication every time I open the app.
 
WhatsApp requires authentication every time I open the app.

US/EU has spyware like Pegasus and even more sinister programs that can gain access to your entire Android OS and all its apps.
 
US/EU has spyware like Pegasus and even more sinister programs that can gain access to your entire Android OS and all its apps.
I feel sorry for them if they do. All they gonna get is a bunch of GIFs and a collection of Hate Poems written to estate agents.
 
Stopped reading at no 2FA.

If you don't have 2FA activated for your accounts then you should not moan if your account got unauthorised access.

Also Afrihost needs to wake up and allow us to use an Authenticator and not the useless SMS OTP. How the heck it is not an option for such a big company boggles my mind.
I had an unused X account hacked. I checked and there was no unauthorised access to the password reset OTP they sent, so the vulnerability was internal. On Instagram, setting up 2FA only caused login issues with multiple accounts. This goes with what I said before, that in most cases 2FA is just a plaster for an insecure system and even the vulnerability itself. Fix the issues with 2FA and insecure systems first, and if you do that then 2FA isn't even needed.
 
I feel sorry for them if they do. All they gonna get is a bunch of GIFs and a collection of Hate Poems written to estate agents.

They'd find a lot of animal-girl porn on my Android. Like bunny girls/cat-girls etc.

Not sure why I recently picked up this fetish. Probably from recent One Piece episodes.
 
Stopped reading at no 2FA.

If you don't have 2FA activated for your accounts then you should not moan if your account got unauthorised access.

Also Afrihost needs to wake up and allow us to use an Authenticator and not the useless SMS OTP. How the heck it is not an option for such a big company boggles my mind.

What are they going to steal from Afrihost? Your invoice?

2FA is also quite hackable with a bit of social engineering.
 
The public still believes that social media, including WhatsApp, is secure. In fact, on the other hand, the US Department of Homeland Security, the FBI, and the State Department are among many US federal agencies that routinely monitor social platforms, for purposes ranging from conducting investigations to identifying threats to screening travellers and immigrants. The US Patriot Act, the US Homeland Security Act and some others support these activities. In conclusion, that means that at least all social media and cloud services that are hosted (including backups) on US territory most probably do have backdoors to support the legal requirements. Apple, Alphabet, Amazon, Meta, Microsoft, Signal Foundation, X, etc. are all US companies and they are providing apps and services like iCloud, WhatsApp, Facebook, Instagram, Signal, Gmail, X, among many others.
 