Hackers Can Now Steal Whatsapp Accounts Using Call Forwarding—How Does It Work?

It has been discovered that Whatsapp accounts can been breached by hackers using call forwarding.

Malicious threat actors can now gain control of your WhatsApp account using a hacking technique called call forwarding. This method is not necessarily the easiest as it requires quick responsiveness and social skills on the part of the threat actors.

However, to the skilled and experienced hackers, this could also mean taking control of a user's account within just a few minutes.

There is a loophole that allows malicious actors to take control of the user's account of an unsuspecting victim and read their private messages as well as their contact list.

WhatsApp's Call Forwarding-How Does It Work?

WhatsApp, Meta's instant messaging app, has a loophole that allows malicious actors to take control of any user's account.

Call forwarding, the technique that can be used, makes use of an automatic feature provided by mobile carriers that redirects incoming calls to a different phone number, as well as an option provided by WhatsApp to transmit a verification code for a one-time password (OTP) through a voice call.

The founder and CEO of cybersecurity company cloudSEK, Rahul Sasi also confirmed that call forwarding provides success when it comes to breaching someone's account in the messaging app. Sasi released some specifics regarding the method, indicating that it is used to hack WhatsApp accounts.

He added that the malicious actor must first persuade the victim to place a call to a number that begins with a Man Machine Interface (MMI) code that was set up by the cell carrier to facilitate call forwarding.

According to Bleeping Computer, Rahul Sasi stated, "First, you receive a call from the attacker, who will convince you to make a call to the following numbers: **67* or *405*. Within a few minutes, your WhatsApp would be logged out, and the attackers would get complete control of your account."

The first character of these codes is either a star (*) or a hash (#). They are not difficult to locate, and according to the testing that was tried out, the majority of the main mobile network operators support them.

On some cell carriers, a particular MMI code can either redirect all calls to a terminal to a different number or redirect the calls that come in when the line is busy or there is no reception.

If hackers are successful in convincing the victim to forward calls to their number, the malicious actor will begin the WhatsApp registration procedure on their own device, selecting the option that allows them to receive the one-time password (OTP) by voice call.

After obtaining the OTP, the malicious user can register the victim's WhatsApp account on their own device and turn on two-factor authentication (2FA), which prohibits the account's rightful owners from regaining access to it.

Read Also: Cryptocurrency Revival: Terra Launches LUNA 2.0 With a Rocky Start

How To Prevent Call Hacking

Call forwarding is just one of the numerous ways malicious actors can breach someone's phone. However, there is also SIM swapping, and phishing emails and text messages as methods of attack.

In addition, nowadays, threat actors now use public Wi-Fi networks. They can create fake Wi-Fi networks to lure users who are in need of an internet connection, and when victims connect through their network, it will lead them to phony sites that will help them launch an attack.

According to MUO, it is highly recommended for users to not connect to any Wi-Fi network to prevent hacking. It is also advised that users turn off hotspots in crowded places.

With the call forwarding strategy, users are advised to not permit any access from an unknown caller. In addition, it is worth remembering that the two-factor authentication can help users add in that extra layer of protection and security. However, in this case, users must use it wisely to their advantage instead of allowing this tool to launch a hack on their devices.

 

Related Article: Russian Cyber Criminal Forums Buy and Sell US College VPN Credentials Like It's Nothing - Sellers Even Ask for Donations

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

Company from iTechPost

More from iTechPost