More than 500 million people use the Facebook-owned WhatsApp for messaging.
And hackers are taking advantage this huge texting community by launching cyber attacks against WhatsApp users and taking over accounts.
The Israeli National Cybersecurity Authority just issued a warning about WhatsApp account takeovers that is quite sophisticated and well thought out.
And it can happen while you are asleep.
The hack capitalises on users’ tendency not to change default access credentials on cellphone voicemail numbers. The attacker makes a request to register the victim’s telephone number to the WhatsApp application on their own phone. By default, WhatsApp sends a six-digit verification code in an SMS text message to the victim’s phone number, to verify that the person making the request owns it.
Ideally, the victim would see the message, alerting them that something was up. The attacker avoids that by launching the attack at a time when the victim would not answer their phone, such as in the middle of the night, or while they are on a flight. Many users may even have their phones set to ‘do not disturb’ during this time.
The hackers will request that WhatsApp calls your phone, and since you don't answer, it leaves a message with the code needed to takeover the account.
Most mobile carriers set a default password for voicemail access, all the hacker needs to retrieve the voicemail from WhatsApp is your phone number and the default access code.
So be sure to look up how to change your mobile carrier's default PIN for accessing your voicemail.
That will help keep your messages private and prevent this form of WhatsApp hacking takeovers.