This sneaky trick could let absolutely anyone gain access to your WhatsApp
Worse still, hackers could use the trick to get access to your WhatsApp account – as if they were you.
WhatsApp is widely seen as one of the safest messaging apps.
That’s despite the fact it’s owned by Facebook, which recently admitted to giving hackers complete access to 50million Facebook accounts.
Part of WhatsApp’s appeal is that sent messages are encrypted, so they can’t be intercepted and snooped upon.
But encryption is useless if hackers gain complete control of your account.
Security experts at Sophos have issued a warning about a WhatsApp hack that could leave you exposed.
It was first documented by security researchers last year, and then highlighted again by tech site ZDNet last week, reporting on an alert from Israel’s cybersecurity authority.
According to researchers, the attacker only needs your phone number to access your messages.
When you download WhatsApp, it sends out a six-digit verification code in an SMS text message to verify your phone number.
Normally you’d see this happen – and would realise that you didn’t request it.
But researchers at warning that hackers launch attacks in the middle of the night.
We won’t reveal the exact details of the hack, but it involves using WhatsApp’s automated phone message (which reads out the code), and accessing the victim’s voicemail through the use of a system trick.
Hackers can gain access to the WhatsApp account on their own phone this way.
But they can also shut the original user out by adding their own two-factor authentication onto the account – making it impossible for the victim to get back into their WhatsApp.
Worryingly, this voicemail hack doesn’t just work for WhatsApp, but lots of services.
“If an attacker has access to your voicemail, he may be able to compromise your email, social networks, financial services, private conversations, track you and more,” said Martin Vigo, a security researcher who helped expose the hack.
He added: “If you must use a service that relies on automated voice messages, then set a strong PIN for your voicemail inbox.”