Tech tips: How to know your WhatsApp account has been hacked and tips to prevent it
Welcome back, my awesome Bezzies!
We are living in an age in which the power of technology is very evident. It has never been easier to communicate with friends and family who live thousands of miles away. The world is truly living up to its name, the “global village”. The advancement of technology is, however, confronted with a corresponding threat environment that is always changing, and with attackers who are always trying to find and exploit vulnerabilities. These vulnerabilities can exist in a broad number of areas, including devices, data, applications, users and locations [1].
Some Statistics
WhatsApp is one of the easiest-to-use applications in the world. It has 2 billion active users worldwide as of 2021. It is ranked as the most used mobile messenger app in the world. More than 100 billion messages are sent each day on WhatsApp. According to App Annie data, the average WhatsApp user on the Android platform spends 19.4 hours per month (38 minutes per day) on the app [2]. These statistics and several others explain why cyber criminals see WhatsApp as a green area for making money.
Motivation of WhatsApp Threat Actors
The main motivations of cyber threat actors who hack or attempt to hack people’s WhatsApp accounts are typically money and information. They get money directly through extortion, blackmail and manipulation, and indirectly by sending ads and spam to their victims’ contact lists and to the WhatsApp groups their victims belong to, or by selling the information they fish from their victims’ WhatsApp accounts.
As knowing is half the battle, if we are simply aware of vulnerabilities, we can then take concrete steps to avoid compromising ourselves. To that end, here are a few ways that WhatsApp can be hacked.
1. Registering your number on a different device
Hackers can trick you, take over your WhatsApp account and log you out of your own account. WhatsApp cannot work for the same number on two devices. When hackers try to register WhatsApp using your phone number, WhatsApp will send a code (OTP) to your phone via SMS. Because the hackers don’t have access to your mobile device, they will usually trick you into sending the code to them. The approach they use to persuade their victims to send the code varies from victim to victim. Usually, they will study you to know what to say to convince you. The moment they get the code and apply it, WhatsApp will log you out.
2. The Pegasus Voice Call Attack
A serious WhatsApp vulnerability discovered in early 2019 was the Pegasus voice call hack.
This scary attack allowed hackers to access a device simply by placing a WhatsApp voice call to their target. Even if the target didn’t answer the call, the attack could still be effective, and the target might not even be aware that malware had been installed on their device. This worked through a method known as buffer overflow, in which an attacker deliberately puts so much code into a small buffer that it “overflows” and writes code into a location it shouldn’t be able to access.
When the hacker can run code in a location that should be secure, they can take malicious steps. This attack installed an older and well-known piece of spyware called Pegasus. This allowed hackers to collect data on phone calls, messages, photos, and video. It even let them activate devices’ cameras and microphones to take recordings. This vulnerability applied to Android, iOS, Windows 10 Mobile, and Tizen devices.
This attack was allegedly used by the Israeli firm, NSO Group, which was accused of spying on Amnesty International staff and other human rights activists. After news of the hack broke, WhatsApp was updated to protect it from this attack. If you are running WhatsApp version 2.19.134 or earlier on Android or version 2.19.51 or earlier on iOS, then you need to update your app immediately.
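To check a set of devices against the version limits stated above, each dotted part has to be compared as a number, because a plain string comparison would rank 2.19.98 above 2.19.134. This is an added example, not code from the article or from WhatsApp; the inventory rows and device names are constructed, and the function names are hypothetical.

```python
# Thresholds are the versions named in the article text above.
LAST_AFFECTED = {
    "android": (2, 19, 134),
    "ios": (2, 19, 51),
}

def parse_version(text):
    """Turn '2.19.51' into (2, 19, 51) so each part compares as a number."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def pad(version, width):
    """Right-pad with zeros so '2.19' compares like '2.19.0'."""
    return version + (0,) * (width - len(version))

def needs_update(platform, version):
    """True if the install is at or below the last affected version."""
    limit = LAST_AFFECTED.get(platform.lower())
    if limit is None:
        raise ValueError(f"no threshold listed for {platform!r}")
    found = parse_version(version)
    width = max(len(found), len(limit))
    return pad(found, width) <= pad(limit, width)

def audit(inventory):
    """Split devices into those that must update and those not checkable."""
    outdated, unchecked = [], []
    for device, platform, version in inventory:
        try:
            if needs_update(platform, version):
                outdated.append(device)
        except ValueError:
            unchecked.append(device)
    return outdated, unchecked

# Constructed sample inventory (hypothetical device names).
SAMPLE = [
    ("phone-a", "Android", "2.19.134"),  # exactly the last affected version
    ("phone-b", "Android", "2.19.135"),
    ("phone-c", "iOS", "2.19.51"),
    ("phone-d", "iOS", "2.19.100"),      # string compare would flag this
    ("phone-e", "Android", "2.19.98"),   # string compare would miss this
    ("phone-f", "iOS", "beta"),          # unparseable version
    ("phone-g", "Tizen", "2.18.15"),     # no threshold given in the text
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Devices returned in the second list need a manual check, since the text names Windows 10 Mobile and Tizen as affected without giving version numbers for them.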
Thomas Anthony Watson, a British former politician who served as Deputy Leader of the Labour Party from 2015 to 2019 and Shadow Secretary of State for Digital, Culture, Media and Sport from 2016 to 2019, spoke about this hack.
The WhatsApp security breach reads like a nightmare, a dystopian world of tech-enabled total surveillance – targeted at lawyers, dissidents and human rights activists. When were ministers informed? How many UK users are affected? Have they been notified? My Urgent Question… pic.twitter.com/eIgbnqqVMi
— Tom Watson (@tom_watson) May 15, 2019
3. Socially Engineered Attacks
Another way that WhatsApp is vulnerable is through socially engineered attacks, which exploit human psychology to steal information or spread misinformation.
In this attack, threat actors use any information they can gather on your social network and use your basic human nature against you by playing deeply on your impulses, such as fear, excitement and empathy. The attackers hijack your normal thought processes to make you act on their behalf. This is one of the attacks hackers most frequently use to hack victims’ WhatsApp accounts. Watch the video below for more information.
4. Paid Third-Party Apps
You’d be surprised how many paid legal apps have sprung up in the market that exist solely for hacking into secure systems. This could be done by big corporations working hand-in-hand with oppressive regimes to target activists and journalists, or by cyber criminals intent on getting your personal information. Apps like Spyzie and mSPY can easily hack into your WhatsApp account to steal your private data.
All they need to do is purchase the app, install it, and activate it on the target phone. They can then simply sit back, connect to their app dashboard from a web browser, and snoop on private WhatsApp data like messages, contacts, status, etc. After reading this article, open your installed apps to see if any of these apps are installed. The danger is that their launcher icon could be hidden after installation. If you are not too sure, contact your cyber security officer to help you check whether your device is compromised in any way.
5. WhatsApp Web
WhatsApp Web is a neat tool for people who spend most of their day on a PC. It makes WhatsApp more accessible, as users won’t have to pick up their phone again and again for messaging. The big screen and keyboard provide an overall better user experience too.
Here’s the caveat, though. As handy as the web version is, it can be easily used to hack into your WhatsApp chats. This danger arises when you’re using WhatsApp Web on someone else’s computer. If the owner of the computer has selected the “keep me signed in” box during login, then your WhatsApp account will stay signed in even after you close the browser. The computer owner can then access your information without much difficulty.
You can avoid this by making sure that you log out from WhatsApp Web before you leave. But as the old saying goes, “prevention is better than cure.” The best approach is to avoid using anything other than your personal computer for the web version of WhatsApp altogether.
It is highly recommended to regularly check the devices that have connected to your WhatsApp via WhatsApp Web. If there is a device you don’t recognise, log it off. The screen below shows how to see the devices that are connected to your WhatsApp Web on both Android and iOS.
WhatsApp promises its users end-to-end encryption. According to WhatsApp:
Some of your most personal moments are shared on WhatsApp, which is why we built end-to-end encryption into the latest versions of our app. When end-to-end encrypted, your messages and calls are secured so only you and the person you’re communicating with can read or listen to them, and nobody in between, not even WhatsApp [3].
The question one may ask is, “Why do people still get hacked if what WhatsApp is saying is really true?” The problem is not with WhatsApp. Human beings have always been the weakest link in every security system, and the security of a system is only as good as the security at its weakest point.
How To Avoid Being Hacked
The fact is, no one can promise absolute security. However, the basic rule is: do not be the easier target. Below are some tips to keep your WhatsApp account safe.
1. Never share the 6-digit registration code you received via SMS with others.
2. Enable two-step verification
   1. Tap Settings > Account > Two-step verification
   2. Create a PIN. That’s it!
3. Protect your data
   1. Allow only your contacts to see your profile photo. Tap Settings > Account > Privacy > Profile photo and select “My Contacts”.
   2. Beware of people asking you for money.
   3. Always call your contact to confirm their identity before making any money transfer.
4. Don’t click on links or open files sent by unknown numbers
Do not click links or open files from people you don’t know. It could be a message that will arouse your curiosity, but simply delete it and don’t click on it. Such links or files can take over your browser and access your WhatsApp. If the link or file is from an unknown number, simply discard it.
5. Enable Face ID
One of the most secure means of authentication is biometrics. If your phone supports Face ID, activate Face ID on your WhatsApp. WhatsApp will then require a scan of your face any time you open it. I found this to be the most secure way to prevent someone from physically accessing your WhatsApp on your device.
To enable Face ID, tap Settings > Account > Screen Lock and toggle “Require Face ID” to “ON”; the toggle icon will turn green. You may choose to lock the screen “Immediately”, after “1 Minute”, or after any interval of your choice.
How to recover your account
If your WhatsApp account has been hacked, delete the WhatsApp app from your device completely, and reinstall it. Sign into WhatsApp with your phone number and verify your phone number by entering the 6-digit code you receive via SMS. Once you enter the 6-digit SMS code, the individual using your account is automatically logged out.
You might also be asked to provide a two-step verification code. If you don’t know this code, the individual using your account might have enabled two-step verification. You must wait 7 days before you can sign in without the two-step verification code. Regardless of whether you know this verification code, the other individual was logged out of your account once you entered the 6-digit SMS code.
- If you have access to your account and suspect someone is using your account via WhatsApp Web/Desktop, it’s recommended to log out of all computers from your phone.
- To protect your account, WhatsApp will notify you when someone tries to register a WhatsApp account with your phone number.
References
[1] https://www.forcepoint.com/cyber-edu/network-security
[2] https://www.hootsuite.com/pages/digital-trends-2021
[3] https://www.whatsapp.com/features
Comments:
Abena Stella
Thank you for this Sir
Herttie O
So informative. Putting it to use right away.
Ruth
Thank you…
Becky
God bless you big brother
Kate
Great piece