Monday, June 6, 2016

Hijack and Impersonate Whatsapp account

Attackers are able to hijack a WhatsApp account and impersonate the legitimate user.
How do they do it? The weakness is in Signalling System No. 7 (SS7), the set of signalling protocols that carriers worldwide use to set up calls, route SMS and manage roaming between networks. SS7 was designed on the assumption that every interconnected operator is trustworthy, so a party with SS7 access can send the target's home network a roaming update claiming that the target's number is now served by a switch the attacker controls. The network is thereby tricked into treating the attacker's equipment as the target's phone, and from then on it routes SMS for that number, including verification codes, to the attacker.

The attacker then registers a new WhatsApp account with the target's number. WhatsApp sends its verification code by SMS to that number, and because the network now delivers the target's SMS to the attacker, the attacker receives the code and completes registration as the legitimate account holder. Once complete, the attacker controls the account and can send and receive messages in the target's name, while the target's own handset is deregistered, since a number can be active on only one device at a time. End-to-end encryption does not help here: the attacker is not breaking the encryption but becoming a legitimate endpoint for that number.
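The flow above, as an added illustration that is not part of the original post and not WhatsApp's or any carrier's code: a constructed Python model of a home network's location register, a toy number-based account service, and an attacker who spoofs the roaming update. Class and node names, the phone number, the device identifiers and the registration PIN are all made up for the example. The PIN branch is a generic second-factor defence added for contrast (a secret the user types that never travels over SMS), not something the post describes.

```python
"""Toy model of SMS-verification hijack via a spoofed SS7 location update.

Everything here is a constructed simulation: no real SS7/MAP stack is used,
and MessengerRegistration is a stand-in for a number-based account service.
"""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class ServingNode:
    """Stand-in for an MSC/VLR: the switch that delivers SMS to phones attached to it."""
    name: str
    inbox: list = field(default_factory=list)


class TelcoNetwork:
    """Home network: an HLR that records which serving node each number is
    attached to, and delivers mobile-terminated SMS to that node."""

    def __init__(self):
        self.nodes = {}
        self.hlr = {}  # msisdn -> name of the serving node it is attached to

    def add_node(self, name):
        self.nodes[name] = ServingNode(name)
        return self.nodes[name]

    def update_location(self, msisdn, node_name):
        # Models the MAP UpdateLocation step. In the legacy SS7 trust model the
        # HLR does not authenticate the peer sending it, so any interconnected
        # party can claim the subscriber has roamed onto its node.
        self.hlr[msisdn] = node_name

    def send_sms(self, msisdn, text):
        # Delivery follows whatever the HLR currently says, whoever put it there.
        self.nodes[self.hlr[msisdn]].inbox.append(text)


class MessengerRegistration:
    """Constructed account service that binds a phone number to one device."""

    def __init__(self, telco):
        self.telco = telco
        self.owner = {}    # msisdn -> device currently bound to the account
        self.pending = {}  # msisdn -> (device awaiting confirmation, code)
        self.pin = {}      # msisdn -> optional registration PIN (hypothetical second factor)

    def set_pin(self, msisdn, pin):
        self.pin[msisdn] = pin

    def request_code(self, msisdn, device):
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[msisdn] = (device, code)
        self.telco.send_sms(msisdn, f"Your verification code is {code}")

    def confirm(self, msisdn, device, code, pin=None):
        exp_device, exp_code = self.pending.get(msisdn, (None, None))
        if exp_device != device or not hmac.compare_digest(code, exp_code or ""):
            return False
        # The PIN never travels over the phone network, so redirecting SMS
        # does not yield it; without it the takeover stops here.
        if msisdn in self.pin and (pin is None or not hmac.compare_digest(pin, self.pin[msisdn])):
            return False
        self.owner[msisdn] = device  # binding moves; the previous device is logged out
        del self.pending[msisdn]
        return True


def extract_code(sms_text):
    """Pull the 6-digit code out of the constructed SMS text."""
    return sms_text.rsplit(" ", 1)[1]


def run_takeover(victim_sets_pin):
    """Returns (device that owns the account afterwards, whether the attack
    succeeded, number of SMS the victim's own switch ever saw)."""
    net = TelcoNetwork()
    home = net.add_node("home-msc")
    rogue = net.add_node("rogue-msc")  # attacker's node reachable over SS7 interconnect
    victim = "+15550100"
    svc = MessengerRegistration(net)

    # Legitimate user registers from their own phone on their own network.
    net.update_location(victim, home.name)
    svc.request_code(victim, "victim-phone")
    assert svc.confirm(victim, "victim-phone", extract_code(home.inbox[-1]))
    if victim_sets_pin:
        svc.set_pin(victim, "4921")

    # Attack: spoofed roaming update, then a fresh registration for the same number.
    net.update_location(victim, rogue.name)
    svc.request_code(victim, "attacker-phone")
    hijacked = svc.confirm(victim, "attacker-phone", extract_code(rogue.inbox[-1]))
    return svc.owner[victim], hijacked, len(home.inbox)


if __name__ == "__main__":
    print(run_takeover(victim_sets_pin=False))  # ('attacker-phone', True, 1)
    print(run_takeover(victim_sets_pin=True))   # ('victim-phone', False, 1)
```

The third value in each result is the point worth noticing: the victim's own switch only ever sees the first SMS, so the victim gets no warning that a second code was issued; the account service likewise sees a perfectly normal registration. Only a factor that does not ride on the telephone network breaks the chain.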

Below is a demo of the attack.

You can find my previous post on extracting messages from Whatsapp in "Can you extract message and photo from Whatsapp?"

