The New Way To Hack WhatsApp, Signal and Telegram!

WhatsApp, Signal and Telegram are the messaging apps which have been used by millions of people worldwide. Users are sharing their personal photos, chats, and documents through these applications. Do you ever think, what will happen if an unknown person steals this information? Well, a security vulnerability has been discovered by an Italian Security Researcher which allows an attacker to break into various messaging applications. He revealed this security issue in the 7th National Conference on Cyber Warfare which held in Milan on this Monday.

What is the Vulnerability?

InTheCyber is an Italian Cyber Security firm, which has offices in Lugano and Milan. According to security researchers of InTheCyber, “By exploiting an old voicemail caller-ID spoofing security vulnerability, an unknown person can hijack messaging apps. It is possible to steal activation codes sent by compromised accounts and messaging apps by exploiting this caller-ID spoofing vulnerability.” In Italy, the network of two major mobile network operators is allowing attackers to perform this attack.

“Attacker only needs to know the mobile number of Victim to perform this attack.”

How to exploit this vulnerability?

Security researchers at InTheCyber said that this attack is possible in three different scenarios. An attacker can exploit this vulnerability when the application will send an activation code to voicemail. Following are the different scenarios, when a call ends up in voicemail:

User is Not Responding

User is Engaged In Other Conversations

User is not reachable

The logic behind This Attack?

When the user installs messaging apps such as WhatsApp, Telegram, and Signal in his device, he needs an activation code to activate his account. The servers of these applications send the code via SMS. When the user does not use that code, servers of these applications make an automated call on the registered number to send the activation code again. If the user does not respond the call due to above mentioned three different scenarios, call will end up in the voicemail.

By exploiting caller-ID spoofing vulnerability, an attacker can steal the code from voicemail. An attacker can activate messaging apps by using victim’s number and he can make conversation with anyone without telling the victim. An attacker can do illegal activities by using victim’s phone number. Although, the victim has no idea about it but an attacker could do his work anonymously.

Click here to see the video proof: https://goo.gl/n6xQ5Mâ€‹

Mobile network companies are offering voicemail facility to its users. When the user has missed any call, he can get the message from voicemail. If the voicemail is vulnerable, obviously attackers can steal all the calls. Before performing this attack, attackers could check when the number is not receiving calls and SMS. They can send messages late night to check delivery status or they can call on victim’s number from public phones to check when the calls are going to voicemail. After checking all these factors, an attacker can request an activation code on victim’s phone number. More than 32 Million users of Italian Mobile Network companies H3G and Wind are at risk. Users can turn off their voicemail for messaging apps to avoid the risk.

Similar Articles: