Facebook's instant social messaging service WhatsApp, has reportedly been found to be vulnerable to hijacking, especially if the offender acquires the target's phone number along with a backdoor access to the phone itself.
Hijacking an existing Whatsapp account involves a simple trick that works independent of the underlying platform (Windows, Android or iOS) and thereby enables anyone to take control of the target's WhatsApp account in quick time.
Here is how it is possible for anyone to hijack any WhatsApp account:
- Try setting up WhatsApp on a new phone using the target's phone number.
- At this moment, WhatsApp calls up the phone number on the target's phone and provides the requisite PIN code to authenticate the account.
- If the offender already has access to the phone, then he can answer the phone call and take the PIN code without a sweat.
- Besides, it is ascertained that anyone can answer the WhatsApp call without the need to unlock the screen on the phone, even if lockscreen feature is enabled.
- Thus, this trick bypasses the security password mechanism that is required to access key phone features, which is a big concern for WhatsApp users.
- In the worst case scenario, iPhones configured with Siri authentication for lockscreen are even more vulnerable to external data thefts, as contact details will be readily available for access through Siri's settings.
- In other words, if the person attempting to steal WhatsApp account information does not have the target's phone number, he/she can still get it easily by calling their own number from target's phone via Siri.
If you are still not convinced, just check out how simple it is to hijack a phone's WhatsApp account by using Siri, in the demo video below (courtesy videosdebarraquito):