Join us now. It is free, and it takes less than 1 minute to register.
Register now
Subscribe to our daily newsletter. It is free, and it comes with many benefits.


+ Reply to Thread
Page 1 of 6 12345 ... LastLast
Results 1 to 15 of 81

Thread: Hijacking Whatsapp and how to prevent it

  1. #1
    Super Grandmaster JetsetWilly's Avatar
    Join Date
    Jul 2008
    Posts
    25,317
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)

    Lightbulb Hijacking Whatsapp and how to prevent it

    So this might be common knowledge to most, but I thought i'd just post my quick experience of how easy it is to hijack a Whatsapp profile with limited access to the person's phone.

    1) Install or reinstall Whatsapp on your device (or Android emulator) - the device needn't have a SIM, only internet connectivity.
    2) When you start Whatsapp, it asks for your cell number to verify it - enter the number of the target phone to hijack
    3) It takes a minute to verify the phone then it sends an SMS to the target phone
    4) Glance at the target phone screen and get the 6 digit code that was SMS'd (even if it's locked, it could show up on the lock screen - this depends on the phone and setup)
    5) Enter it into your phone into Whatsapp
    DONE

    You now have full access to the victim's whatsapp to send / receive messages (and possibly bank with Absa if they have set it up on Whatsapp?)

    Steps to prevent being hijacked this way:
    1) Disable sensitive notifications on your lock screen (both Android and iOS can do this - under settings) - obviously have a secure pin / lock screen. Depending on the model and Android flavour how this is set is done differently. If your phone doesn't show incoming SMS text on the lock screen, then you're sorted.
    2) Enable Whatsapp 2FA - when the attacker tries to set up Whatsapp on the new device, it requests your 2FA pin.

  2. #2
    Super Grandmaster Bryn's Avatar
    Join Date
    Oct 2010
    Location
    PE
    Posts
    12,559
    Mentioned
    12 Post(s)
    Tagged
    0 Thread(s)

    Default

    My phone has a thing in the notification bar when WhatsApp Web is active. Surely it's impossible for someone to stealthily use your WhatsApp?

    And these days everyone has biometric security. Just don't leave your phone unguarded.

  3. #3
    Super Grandmaster JetsetWilly's Avatar
    Join Date
    Jul 2008
    Posts
    25,317
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)

    Default

    Quote Originally Posted by Bryn View Post
    My phone has a thing in the notification bar when WhatsApp Web is active. Surely it's impossible for someone to stealthily use your WhatsApp?

    And these days everyone has biometric security. Just don't leave your phone unguarded.
    I'm talking about taking over Whatsapp - not using WA web, but yes - hopefully you should notice it before damage is done... The minute you try access WA on your phone, it will say it's been enabled on another phone and you have to re-enable it on your phone to access it. If you see that, you know you've been compromised and you should immediately enter your phone number and re-register your phone to get the other party logged out on their device.

    HOWEVER, if your phone is stolen... no need for the theif to even unlock it before they access WA (unless you have sensitive notifications on lock screen disabled)... and SQUAT you can do about it until you do a sim swap.

    Even biometric security does nothing if the default setting of showing the full notification is enabled on the lock screen.

  4. #4
    Super Grandmaster Sinbad's Avatar
    Join Date
    Jun 2006
    Posts
    58,938
    Mentioned
    15 Post(s)
    Tagged
    0 Thread(s)

    Default

    Who the **** allows full notification display on lock screen?
    Quote Originally Posted by sajunky View Post
    It is a Chrismas time, animals speak human language, deamons speak through the humans, it is normal. Honesty is the way we can combat it.

  5. #5
    Super Grandmaster supersunbird's Avatar
    Join Date
    Oct 2005
    Location
    Garsfontein, Pretoria
    Posts
    42,361
    Mentioned
    6 Post(s)
    Tagged
    0 Thread(s)

    Default

    Quote Originally Posted by Sinbad View Post
    Who the **** allows full notification display on lock screen?
    Morons and noobs, the same type of person that uses Swipe-to-unlock
    Sign up to the below and enjoy much less marketing calls:
    https://www.nationaloptout.org

  6. #6
    Super Grandmaster genetic's Avatar
    Join Date
    Apr 2008
    Location
    /\/ŻŻŻŻŻŻ\/\
    Posts
    23,881
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Default

    Quote Originally Posted by Sinbad View Post
    Who the **** allows full notification display on lock screen?
    Never had notifications display on my lock screen either.

    Basic security.
    I believe posters are recognised by their sig... so I made one.

  7. #7
    Super Grandmaster isie's Avatar
    Join Date
    Jan 2010
    Location
    Second star to the right and straight on 'til morning
    Posts
    9,056
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Default

    Quote Originally Posted by JetsetWilly View Post
    So this might be common knowledge to most, but I thought i'd just post my quick experience of how easy it is to hijack a Whatsapp profile with limited access to the person's phone.

    1) Install or reinstall Whatsapp on your device (or Android emulator) - the device needn't have a SIM, only internet connectivity.
    2) When you start Whatsapp, it asks for your cell number to verify it - enter the number of the target phone to hijack
    3) It takes a minute to verify the phone then it sends an SMS to the target phone
    4) Glance at the target phone screen and get the 6 digit code that was SMS'd (even if it's locked, it could show up on the lock screen)
    5) Enter it into your phone into Whatsapp

    DONE
    You now have full access to the victim's whatsapp to send / receive messages (and possibly bank with Absa if they have set it up on Whatsapp?)

    Steps to prevent being hijacked this way:
    1) Disable sensitive notifications on your lock screen (both Android and iOS can do this - under settings) - obviously have a secure pin / lock screen
    2) Enable Whatsapp 2FA - when the attacker tries to set up Whatsapp on the new device, it requests your 2FA pin.
    flaws in your plan first phone will have a message pop up to say you need to re verify whatsapp , do that and control is yours again, the second phone will then get the verification and then cannot te sms.

    and main flaw you need to get my phone and access to messages if not secure and open the first place whatsapp is the least of your concerns
    Some times the internet is so slow, it would be faster to just fly to Google's headquarters and ask them this $h1t in person.!

  8. #8
    Super Grandmaster
    Join Date
    Nov 2010
    Location
    JHB
    Posts
    11,195
    Mentioned
    11 Post(s)
    Tagged
    0 Thread(s)

    Default

    Shouldn't it be prevented in Whatsapp?
    "We own South Africa but State Capture is a problem as Zuma has friends and no-one belong to our family."

  9. #9
    Super Grandmaster JetsetWilly's Avatar
    Join Date
    Jul 2008
    Posts
    25,317
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)

    Default

    Quote Originally Posted by isie View Post
    flaws in your plan first phone will have a message pop up to say you need to re verify whatsapp , do that and control is yours again, the second phone will then get the verification and then cannot te sms.
    Good luck getting that right if your phone is stolen... or temporarily "missing"

    And main flaw you need to get my phone and access to messages if not secure and open the first place whatsapp is the least of your concerns
    I don't need to access old messages to pose as you and message others or receive new messages... or transact with ABSA (last one yet to be tested)

  10. #10
    Super Grandmaster JetsetWilly's Avatar
    Join Date
    Jul 2008
    Posts
    25,317
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)

    Default

    Quote Originally Posted by Sinbad View Post
    Who the **** allows full notification display on lock screen?
    It's default AFAIK. Some people find it convenient and sacrifice security for convenience.

  11. #11
    Super Grandmaster isie's Avatar
    Join Date
    Jan 2010
    Location
    Second star to the right and straight on 'til morning
    Posts
    9,056
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Default

    Quote Originally Posted by JetsetWilly View Post
    Good luck getting that right if your phone is stolen... or temporarily "missing"
    if its temporarily missing that means i get my phone back the unverified message will popup , if stolen see below
    either way i say good luck getting into my phone
    Quote Originally Posted by JetsetWilly View Post
    I don't need to access old messages to pose as you and message others or receive new messages... or transact with ABSA (last one yet to be tested)
    you need access to my new messages , how can you do that if i have my phone, if you have my phone and you I dont have some sort of security then like i said having my whatsapp is the least of my worries.
    if my phone is stolen chances are the person will wipe the phone , that wipes whatsapp - if the reason they stole it is to have aces to my whatsapp that is only until i block the sim and swapped - yes a lot can happen in that time but again i say if my phone is with anyone else and not secure whatsapp is the least of my worries.
    Some times the internet is so slow, it would be faster to just fly to Google's headquarters and ask them this $h1t in person.!

  12. #12
    Super Grandmaster genetic's Avatar
    Join Date
    Apr 2008
    Location
    /\/ŻŻŻŻŻŻ\/\
    Posts
    23,881
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Default

    Quote Originally Posted by isie View Post

    you need access to my new messages , how can you do that if i have my phone, if you have my phone and you I dont have some sort of security then like i said having my whatsapp is the least of my worries.
    .
    This.

    If you're foolish enough to leave your phone unsecured, then you have bigger issues.
    I believe posters are recognised by their sig... so I made one.

  13. #13
    Super Grandmaster JetsetWilly's Avatar
    Join Date
    Jul 2008
    Posts
    25,317
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)

    Default

    Quote Originally Posted by genetic View Post
    This.

    If you're foolish enough to leave your phone unsecured, then you have bigger issues.
    It's secured. Locked. Unless you're referring to something else.

  14. #14
    Super Grandmaster JetsetWilly's Avatar
    Join Date
    Jul 2008
    Posts
    25,317
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)

    Default

    Quote Originally Posted by isie View Post
    if its temporarily missing that means i get my phone back the unverified message will popup , if stolen see below
    either way i say good luck getting into my phone
    No. I "hide" your phone after getting into your Whatsapp using my phone. Just one scenario. You have no way to stop me using Whatsapp from my phone until you do a sim swap.


    You need access to my new messages , how can you do that if i have my phone, if you have my phone and you I dont have some sort of security then like i said having my whatsapp is the least of my worries.
    You'll have to be more specific. Android and iOS show SMS contents on the lock screen by default.
    If my phone is stolen chances are the person will wipe the phone , that wipes whatsapp - if the reason they stole it is to have aces to my whatsapp that is only until i block the sim and swapped - yes a lot can happen in that time but again i say if my phone is with anyone else and not secure whatsapp is the least of my worries.
    I've seen this first hand. Friends and family phone frantically to find out if your daughter is OK because they got a Whatsapp to say they're stranded and need cash... please send cardless ATM cash. This scenario involved someone you know or who knows you possibly via a third party hence has your number.

  15. #15
    Super Grandmaster isie's Avatar
    Join Date
    Jan 2010
    Location
    Second star to the right and straight on 'til morning
    Posts
    9,056
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Default

    Quote Originally Posted by JetsetWilly View Post
    No. I "hide" your phone after getting into your Whatsapp using my phone. Just one scenario. You have no way to stop me using Whatsapp from my phone until you do a sim swap.


    You'll have to be more specific. Android and iOS show SMS contents on the lock screen by default.


    I've seen this first hand. Friends and family phone frantically to find out if your daughter is OK because they got a Whatsapp to say they're stranded and need cash... please send cardless ATM cash. This scenario involved someone you know or who knows you possibly via a third party hence has your number.
    You don't seem to understand - if a person is stupid enough to leave their phone without a basic lock,t whatsapp is the least of their worries - look at what your phone has become, it is the key to pretty much everything, your email , sms , banking etc is on it - i can reset password for pretty much any website once i have your email and sms- this is not a whatsapp issue this is their own stupidity.

    Simple lock your phone and ensure you have find my phone on android and whatever the equivalent is on Iphone - you can remotely wipe your phone - yes it needs a data connection to do this - but so do the scammers in order to do what you expecting them to do.
    Some times the internet is so slow, it would be faster to just fly to Google's headquarters and ask them this $h1t in person.!

+ Reply to Thread
Page 1 of 6 12345 ... LastLast

Similar Threads

  1. Don't pay extra for Whatsapp - sign the Save Whatsapp Petition
    By Yuna Monos in forum Broadband and IT News
    Replies: 6
    Last Post: 16-01-2016, 08:22 PM
  2. Delayed WhatsApp messages – are SA networks interfering with WhatsApp?
    By Kevin Lancaster in forum Broadband and IT News
    Replies: 21
    Last Post: 12-01-2016, 02:52 AM
  3. Why doesn't Cell C allow WhatsApp Calls on their WhatsApp Bundle
    By PHP_Ninja in forum Cell C Mobile Data
    Replies: 17
    Last Post: 19-11-2015, 05:25 PM
  4. Running WhatsApp on a Nokia? Minimum phone/plan to run WhatsApp?
    By fdecker in forum Cellular: Mobile Phones, Call Contracts, Content, MMS and SMS
    Replies: 17
    Last Post: 11-07-2011, 04:21 PM
  5. Attempted hijacking not an attempted hijacking anymore
    By MaD in forum News and Current Affairs
    Replies: 13
    Last Post: 21-07-2006, 02:21 PM

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •