Hackers use the call forwarding trick to steal WhatsApp accounts.


An attacker can use a trick to gain access to a victim’s WhatsApp account, personal messages, and contact list.

The method relies on mobile carriers’ automated call forwarding services and WhatsApp’s option to send a one-time password (OTP) verification code via voice call.

The MMI code ruse

Rahul Sasi, the founder and CEO of digital risk protection firm CloudSEK, shared some information about the method, claiming that it is used to hack WhatsApp accounts.

BleepingComputer tested the method and discovered that it works, albeit with some caveats that a skilled attacker could overcome.

It only takes a few minutes for an attacker to take over a victim’s WhatsApp account, but they must know the target’s phone number and be prepared to do some social engineering.

According to Sasi, an attacker must first persuade the victim to call a number that begins with a Man Machine Interface (MMI) code that the mobile carrier has set up to enable call forwarding.

Depending on the carrier, different MMI codes either forward all calls for a terminal to another number, or forward them only when the line is busy or has no reception.

These codes begin with a star (*) or a hash (#).
They are easily accessible, and according to our research, all major mobile network operators support them.

“First, you receive a call from the attacker who will convince you to make a call to the following number **67* or *405*. Within a few minutes, your WhatsApp would be logged out, and the attackers would get complete control of your account” – Rahul Sasi

The researcher explains that the 10 digit number belongs to the attacker, and the MMI code in front of it instructs the mobile carrier to forward all calls when the victim’s line is busy to the phone number specified after it.

Once the victim has been duped into forwarding calls to their number, the attacker begins the WhatsApp registration process on their device, selecting the option to receive the OTP via voice call.

The attacker can then register the victim’s WhatsApp account on their device and enable two-factor authentication (2FA), preventing legitimate owners from regaining access.

Although the method appears to be simple, getting it to work takes a little more effort, as we discovered during testing.

First and foremost, the attacker must use an MMI code that forwards all calls regardless of the state of the victim device (unconditionally).
Call waiting, for example, may cause the hijack to fail if the MMI only forwards calls when a line is busy.
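As an added illustration (not part of the original article), the sketch below shows how a dialer filter or support tool could recognise call-forwarding MMI strings and tell unconditional forwarding from the conditional kinds. The service codes other than `67` and `405` are the standard 3GPP TS 22.030 values rather than anything stated in the article, and the function names and sample numbers are constructed.

```python
import re

# Standard call-forwarding service codes (3GPP TS 22.030). "405" is the
# carrier-specific code quoted in the article; its condition is not stated there.
FORWARDING_CODES = {
    "21": "unconditional",
    "67": "when busy",
    "61": "on no reply",
    "62": "when not reachable",
    "002": "all forwarding",
    "004": "all conditional forwarding",
    "405": "carrier-specific (condition unknown)",
}
OPERATIONS = {"**": "register", "*": "activate", "##": "erase",
              "#": "deactivate", "*#": "query"}

# prefix, service code, optional target number, optional extra fields, optional '#'
MMI_RE = re.compile(r"^(\*\*|\*#|##|\*|#)(\d{2,3})(?:\*(\+?\d+))?(?:\*[\d*]*)?#?$")

def classify_dial_string(raw):
    """Return details if raw is a call-forwarding MMI string, else None."""
    s = re.sub(r"[\s\-()]", "", raw)          # ignore spacing and punctuation
    m = MMI_RE.match(s)
    if not m or m.group(2) not in FORWARDING_CODES:
        return None                            # ordinary number or other USSD code
    prefix, code, target = m.groups()
    op = OPERATIONS[prefix]
    return {
        "operation": op,
        "condition": FORWARDING_CODES[code],
        "target": target,
        "enables_forwarding": op in ("register", "activate"),
    }

def forwarding_alerts(dialed, trusted_targets=()):
    """List dial strings that turn forwarding on toward an untrusted number."""
    alerts = []
    for raw in dialed:
        info = classify_dial_string(raw)
        if info and info["enables_forwarding"] and info["target"] not in trusted_targets:
            alerts.append((raw, info["condition"], info["target"]))
    return alerts

# Constructed sample input: numbers are placeholders, not real subscribers.
SAMPLE = ["**67*9999900000", "*405*9999900000", "**21*9999900000#",
          "##002#", "*123#", "+1 555 0100"]

if __name__ == "__main__":
    for alert in forwarding_alerts(SAMPLE):
        print(alert)
```
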

During testing, we discovered that the target device received text messages notifying it that WhatsApp was registered on another device.

Users may miss this warning if the attacker uses social engineering and engages the target in a phone call long enough to receive the WhatsApp OTP code over voice.

If the victim device already has call forwarding enabled, the attacker must use a different phone number than the one used for the redirection – a minor inconvenience that may necessitate additional social engineering.

The most obvious sign of suspicious activity for the target user occurs after the mobile operator activates call forwarding for their device, because activation comes with a warning overlaid on the screen that does not disappear until the user confirms it.

Despite this prominent warning, threat actors have a high chance of success because most users are unfamiliar with MMI codes or mobile phone settings that disable call forwarding.

Despite these challenges, malicious actors with good social engineering skills can devise a scenario that allows them to keep the victim on the phone until they receive the OTP code for registering the victim’s WhatsApp account on their device.

We tested this method using Verizon and Vodafone mobile services and concluded that an attacker with a plausible scenario is likely to hijack WhatsApp accounts.

According to public data, Sasi’s post refers to Airtel and Jio mobile carriers, each of which has more than 400 million customers as of December 2020.

Protecting against this type of attack is as simple as turning on two-factor authentication in WhatsApp.
By requiring a PIN whenever you register a phone with the messaging app, this feature prevents malicious actors from gaining control of the account.
