An important warning for those of you who use the popular mobile messaging app WhatsApp: Your account may not be as secure as you think it is. A recent article from The Hacker News explains that someone can easily hijack your WhatsApp account if they gain physical access to your phone, even if just for a few moments. Theoretically, the attack could be used against any of the 800 million current WhatsApp users.
The actual mechanism of the attack isn’t sophisticated, and it doesn’t require any hacking skill at all. To start, a thief sets up a WhatsApp account on a new phone using your account’s phone number. During this process, a confirmation code will be sent to your phone. If the thief can intercept your phone during this time, they can enter it on their version of WhatsApp, stealing your account. Simply locking your phone isn’t enough protection against the attack, since the thief can simply request the code be called in.
Because a thief needs to be in physical possession of your phone, your WhatsApp account is likely safe from Chinese hackers located halfway across the globe. It’s not safe, however, from a nosy snoop at work or a jealous boyfriend. That’s where the real danger here is – someone close to you may want to spy on you, monitoring your WhatsApp messages and browsing through your contacts.
WhatsApp will hopefully fix this particular issue with its authentication protocol, given how news of the hijacking vulnerability has spread. In the meantime, there’s no reason to be high alert, but you should aim to be more physically protective of your device in general. Don’t leave your phone out on your desk at work unattended, and keep it in your pocket or stashed away when you have guests visiting your home. And be careful of who you lend your device to if you think they may have an interest in spying on your messages.
[Image credit: WhatsApp]
From Pedro XII. on June 10, 2015 :: 1:11 pm
You should probably be using a more secure messenger, anyway. No serious messenger is open to this kind of attack. The fact that access to your device is required renders the risk relatively low, but still…
Reply