How to hack whatsapp message


9 Ways Your WhatsApp Messages Can Be Hacked

WhatsApp is a popular and easy to use messaging app. It has some security features, like the use of end-to-end encryption, which tries to keep your messages private. However, as good as these security measures are, WhatsApp still isn't immune to hacks, which can end up compromising the privacy of your messages and contacts.

As knowing is half the battle, if we are simply aware of vulnerabilities, we can then take concrete steps to avoid comprising ourselves. To that end, here are a few ways that WhatsApp can be hacked.

1. Remote Code Execution via GIF

In October 2019, security researcher Awakened revealed a vulnerability in WhatsApp that let hackers take control of the app using a GIF image. The hack works by taking advantage of the way WhatsApp processes images when the user opens the Gallery view to send a media file.

When this happens, the app parses the GIF to show a preview of the file. GIF files are special because they have multiple encoded frames. This means that code can be hidden within the image.

If a hacker were to send a malicious GIF to a user, they could compromise the user's entire chat history. The hackers would be able to see who the user had been messaging and what they had been saying. They could also see users' files, photos, and videos sent through WhatsApp.

The vulnerability affected versions of WhatsApp up to 2.19.230 on Android 8.1 and 9. Fortunately, Awakened disclosed the vulnerability responsibly and Facebook, which owns WhatsApp, patched the issue. To keep yourself safe from this problem, you should always keep WhatsApp updated.

2. The Pegasus Voice Call Attack

Another WhatsApp vulnerability discovered in early 2019 was the Pegasus voice call hack.

This scary attack allowed hackers to access a device simply by placing a WhatsApp voice call to their target. Even if the target didn't answer the call, the attack could still be effective. And the target may not even be aware that malware has been installed on their device.

This worked through a method known as buffer overflow. This is where an attack deliberately puts in heaps of code into a small buffer so that it "overflows" and writes code into a location it shouldn't be able to access. When the hacker can run code in a location that should be secure, they can take malicious steps.

This attack installed an older and well-known piece of spyware called Pegasus. This allowed hackers to collect data on phone calls, messages, photos, and video. It even let them activate devices' cameras and microphones to take recordings.

This vulnerability is applicable on Android, iOS, Windows 10 Mobile, and Tizen devices. Most recently, it was used by the Israeli firm, NSO Group, which has been accused of spying on Amnesty International staff and other human rights activists. After news of the hack broke, WhatsApp was updated to protect it from this attack.

If you are running WhatsApp version 2.19.134 or earlier on Android or version 2.19. 51 or earlier on iOS, then you need to update your app immediately.

Another way that WhatsApp is vulnerable is through socially engineered attacks, which exploit human psychology to steal information or spread misinformation.

A security firm called Check Point Research revealed one example of this attack, which they named FakesApp. This allowed people to misuse the quote feature in group chat and to alter the text of another person's reply. Essentially, hackers could plant fake statements that appear to be from other legitimate users.

The researchers could do this by decrypting WhatsApp communications. This allowed them to see data sent between the mobile and the web versions of WhatsApp.

And from here, they could change values in group chats. Then they could impersonate other people, sending messages which appeared to be from them. They could also change the text of replies.

This could be used in worrying ways to spread scams or fake news. Even though the vulnerability was disclosed in 2018, it had still not been patched by the time the researchers spoke at the Black Hat conference in Las Vegas in 2019, according to ZNet.

Related: How to Recognize And Avoid WhatsApp Spam

4. Media File Jacking

Media File Jacking affects both WhatsApp and Telegram. This attack takes advantage of the way apps receive media files like photos or videos and write those files to a device's external storage.

The attack starts by installing malware hidden inside an apparently harmless app. This can then monitor incoming files for Telegram or WhatsApp. When a new file comes in, the malware may swap out the real file for a fake one.

Symantec, the company that discovered the issue, suggests it could be used to scam people or to spread fake news.

There is a quick fix for this issue, though. Using WhatsApp, you should look in Settings and go to Chat Settings. Then find the Save to Gallery option and make sure it is set to Off. This will protect you from this vulnerability. However, a true fix for the issue will require app developers to entirely change the way that apps handle media files in the future.

5. Facebook Could Spy on WhatsApp Chats

In an official blog post, WhatsApp asserted that because of its end-to-end encryption, it is impossible for Facebook to read WhatsApp content:

"When you and the people you message are using the latest version of WhatsApp, your messages are encrypted by default, which means you're the only people who can read them. Even as we coordinate more with Facebook in the months ahead, your encrypted messages stay private and no one else can read them. Not WhatsApp, not Facebook, nor anyone else."

However, according to developer Gregorio Zanon, this is not strictly true. The fact that WhatsApp uses end-to-end encryption does not mean all messages are private. On an operating system like iOS 8 and above, apps can access files in a "shared container."

Both the Facebook and WhatsApp apps use the same shared container on devices. And while chats are encrypted when they are sent, they are not necessarily encrypted on the originating device. This means the Facebook app could potentially copy information from WhatsApp.

To be clear, there is no evidence that Facebook has used shared containers to view private WhatsApp messages. But the potential is there. Even with end-to-end encryption, your messages may not be private from the all-capturing net of Facebook.

Related: What Are Encrypted Messaging Apps? Are They Really Safe?

6. Paid Third-Party Apps

You'd be surprised how many paid legal apps have sprung up in the market, which solely exist for hacking into secure systems.

This could be done by big corporations working hand-in-hand with oppressive regimes to target activists and journalists; or by cyber criminals, intent on getting your personal information.

Apps like Spyzie and mSPY can easily hack into your WhatsApp account for stealing your private data.

All you need to do is purchase the app, install it, and activate it on the target phone. You can then simply sit back and connect to your app dashboard from the web browser, and snoop in on private WhatsApp data like messages, contacts, status, etc. But obviously, we advise against anyone actually doing this!

Related: Best Free Facebook Messenger Alternatives

7. Fake WhatsApp Clones

Using fake websites clones for installing malware is an old hacking strategy still implemented by cybercriminals all over the world. These clone sites are known as malicious websites.

The hacking tactic has now also been adopted for breaking into Android systems. To hack into your WhatsApp account, an attacker will first try to install a clone of WhatsApp, which might look strikingly similar to the original app.

Take the case of the WhatsApp Pink scam, for instance. A clone of the original WhatsApp, it claims to change the standard green WhatsApp background to pink. Here's how it works.

An unsuspecting user receives a link to download the WhatsApp Pink app for changing the background color of their app. And even though it really does change the background color of your app to pink, as soon as you install the app, it will start collecting data not just from your WhatsApp but also from everything else stored on your phone.

8. WhatsApp Web

WhatsApp Web is a neat tool for someone who spends most of their day on a PC. It provides the ease of accessibility to WhatsApp users, as they won't have to pick up their phone again and again for messaging. The big screen and keyboard provides an overall better user experience too.

Here's the caveat, though. As handy as the web version is, it can be easily used to hack into your WhatsApp chats. This danger arises when you're using the WhatsApp Web on someone else's computer.

So if the owner of the computer has selected the keep me signed in box during login, then your WhatsApp account will stay signed-in even after you close the browser.

The computer owner can then access your information without much difficulty.

You can avoid this by making sure that you log out from WhatsApp Web before you leave.

But as they say, prevention is better than cure. The best approach is to avoid using anything other than your personal computer for the web version of WhatsApp altogether.

9. Exporting Your Chats

While some of the methods we've discussed above are really elaborate, and some just capitalize on blank spots in the human psyche, this one simply requires physical access to your smartphone.

And no, the hacker doesn't need a lot of time with your phone, either; just a few seconds is enough. This gives them enough time to export your messages to a location they can later access. It could be anything: an email account, cloud storage, or even a messaging app.

Once a hacker has access to your phone, all they have to do is move to a specific chat, click on the Export chat option and select the location they'd like to move your message history to.

The solution? The ironclad way to protect yourself is to keep your phone away from unfamiliar hands at all times. Furthermore, you have the option to enable fingerprint lock for your WhatsApp. Head to Accounts > Privacy > Fingerprint lock. There, toggle the Unlock with fingerprint option on, and set the lock activation to Immediately.

Now, every time your WhatsApp is picked up after inactivity, your fingerprints will be required to launch the app.

Stay Aware of Security Issues in WhatsApp

These are just a few examples of how your WhatsApp can be hacked. While WhatsApp has patched some of these issues since their disclosure, some weak spots persist, so it's important to stay vigilant. To learn more about whether WhatsApp is safe, you need to brush up your knowledge of WhatsApp security threats. So, always keep yourself updated!

WhatsApp Security Hacks: Are Your 'Private' Messages Really Ever Private?

WhatsApp one of the largest instant messengers and considered by many a social network of its own. So, in continuing our app safety discussion, we’re diving into some of the top security hacks and questions many WhatsApp app users and parents may have.

But first, what’s a security hack? In short, it’s an attempt to exploit the weaknesses in an app, network, or digital service to gain unauthorized access, usually for some illicit purpose. Here are just some of the concerns WhatsApp users may have and some suggestions on boosting security.

WhatsApp Hack FAQ

Are WhatsApp conversations private?

Yes — but there are exceptions. More than any other app, WhatsApp offers greater privacy thanks to end-to-end encryption that scrambles messages to ensure only you and the person you’re communicating with can read your messages or listen to your calls. Here’s the catch: WhatsApp messages (which include videos and photos) are vulnerable before they are encrypted and after they are decrypted if a hacker has managed to drop spyware on the phone. Spyware attacks on WhatsApp have already occurred. Safe Family Tip: No conversation shared between devices is ever 100% private. To increase your WhatsApp security, keep sensitive conversations and content offline, and keep your app updated.  

Can anyone read my deleted WhatsApp messages?

A WhatsApp user can access his or her own deleted messages via the chat backup function that automatically backs up all of your messages at 2 a.m. every day. WhatsApp users can delete a message by using the Delete for Everyone button within an hour after sending though it’s not foolproof. Here’s the catch: Anyone who receives the message before it’s deleted can take a screenshot of it. So, there’s no way to ensure regrettable content isn’t captured, archived, or shared. There are also third-party apps that will recall deleted messages shared by others. Another possibility is that a hacker can access old chats stored in an app user’s cloud. Safe Family Tip: Think carefully about sharing messages or content you may regret later.

Can WhatsApp messages be deleted permanently?

Even if a WhatsApp user decides to delete a message, it’s no guarantee of privacy since conversations are two-way, and the person on the receiving end may screenshot or save a copy of a chat, video, or photo. On the security side, you may delete a message and see it disappear, but WhatsApp still retains a “forensic trace of the chat” that can be used by hackers for mining data, according to reports. Safe Family Tip: For extra security, turn off backups in WhatsApp’s Settings.

How can I secure my WhatsApp?

It’s crucial when using WhatsApp (or any other app) to be aware of common scams, including malware, catfishing, job and money scams, spyware, and file jacking. To amplify security, turn on Security Notifications in Settings, which will send an alert if, for some reason, your security code changes. Other ways to boost security: Use two-step verification, never share your 6-digit SMS verification code, disable cloud back up, and set your profile to private. Safe Family Tip: Install comprehensive family security software and secure physical access to your phone or laptop with a facial, fingerprint, or a passcode ID. Don’t open (block, report) messages from strangers or spammers. Never share personal information with people you don’t know. 

How do I delete my WhatsApp account from another phone?

To delete a WhatsApp account go to > Settings > Account > Delete My Account. Deleting your account erases message history, removes you from groups, and deletes your backup data. According to WhatsApp, for users moving from one type of phone to another, such as from an iPhone to an Android, and keeping the same phone number, your account information stays intact, but you won’t be able to migrate messages across platforms. If you’re not keeping your number, you should delete WhatsApp from your old phone, download WhatsApp to your new phone, and verify your new phone number. Upgrading the same phone type will likely include options to migrate messages. Safe Family Tip: Before you give away or exchange an old phone, wipe it clean of all your data.

How do you know your WhatsApp is scanned?

WhatsApp users can easily sync devices by downloading the WhatsApp web app and activating it (Settings > WhatsApp Web/Desktop). Devices sync by scanning a QR code that appears on your laptop screen. You know your device is scanned when you see the green chat screen appear on your desktop. Safe Family Tip: It’s possible for a person with physical access to your desktop to scan your QR code and to gain account access. If you think someone has access to your account log out of all your active web sessions in WhatsApp on your mobile phone.

How long are WhatsApp messages stored?

According to WhatsApp, once a user’s messages are delivered, they are deleted from WhatsApp servers. This includes chats, photos, videos, voice messages, and files. Messages can still be stored on each individual’s device. Safe Family Tip: The moment you send any content online, it’s out of your control. The person or group on the receiving end can still store it on their device or to their cloud service. Never send risky content. 

How secure is WhatsApp?

There’s no doubt, end-to-end encryption makes it much more difficult for hackers to read WhatsApp messages. While WhatsApp is more secure than other messaging apps — but not 100% secure.

Is it true that WhatsApp has been hacked?

Yes. Several times and in various ways. No app, service, or network has proven to be unhackable. Safe Family Tip: Assume that any digital platform is vulnerable. Maximize privacy settings, never share risky content, financial information, or personal data.

Is WhatsApp safe to send pictures?

Encryption ensures that a transmission is secure, but that doesn’t mean WhatsApp content is safe or that human behavior is predictable. People (even trusted friends) can share private content. People can also illegally attempt to gain access to any content you’ve shared. This makes WhatsApp (along with other digital sharing channels) unsafe for exchanging sensitive information or photos. Safe Family Tip: Nothing on the internet is private. Never send or receive pictures that may jeopardize your privacy, reputation, or digital footprint.

WhatsApp isn’t the only popular app with security loopholes hackers exploit. Every app or network connected to the internet is at risk for some type of cyberattack. We hope this post sparks family discussions that help your kids use this and other apps wisely and helps keep your family’s privacy and safety online top of mind.

Try McAfee Mobile Security

Enjoy safer mobile devices with all-in-one protection

Toni Birdsong began her career as a reporter in Los Angeles and later became a writer for Walt Disney Imagineering. Her passion for digital safety started 10 years ago as...

5 signs that someone is reading your Whatsapp conversation and remains invisible

How to read other people's Whatsapp messages from your phone

After a series of updates, Whatsapp received an important feature - the ability to work on multiple devices at the same time. A new opportunity was created for convenience, but it was immediately used for criminal purposes. In Europe and the United States, there are cases when attackers, under the guise of a request for a call, take the victim’s device, scan a special QR code and gain access to the correspondence. The psychological technique works mainly with women and teenagers, but the end of the story is the same for everyone - extortion, theft of intimate photos and the threat to reveal the most intimate secrets to relatives or colleagues. The easiest way to close such a vulnerability is not to give outsiders (and relatives too) your device for a long time or set a password to launch the application.

How to hack Whatsapp and how to protect it from surveillance

Photo © Shutterstock

Determining that someone else has access to your account is quite simple. You need to go to "Settings" and go to "Associated devices". This menu will show all the devices that use your account. They can be removed, leaving one, two or three reliable means of communication. One of the most vulnerable points of Whatsapp is the so-called "floating" widget - a utility (add-on) for an Android application. The attackers copy the original widgets - a special "floating" algorithm is left inside the program, which does not show activity at the stage of checking the program by store administrators. The delayed activation mechanism starts working a couple of days after installation on the device. The main sign that something is not right with the phone is increased heating and an increase in traffic for Whatsapp.

Erase it immediately: 6 reasons to urgently remove WhatsApp from your phone

How to read deleted Whatsapp messages?

Reading deleted messages is another nuisance that can overtake a user after an outsider intercepts access to his device. The problem is that here the owners of Whatsapp got caught in their own lies. They used to state that a Whatsapp message is automatically deleted from the server as soon as the user deletes it from the device. But over time, it turned out that this is not so: messages are stored for some time both on the devices themselves and on the "third party" in case someone complains about it and the signal has to be responded to. The backdoor was opened by hackers who wrote an application for Android. Once installed on a smartphone, it made it possible to synchronize the messenger with a hacker program and penetrate the notification history, where all messages, including deleted ones, are visible. It is not known whether this vulnerability has been fixed at the moment, but one of the indirect signs that your deleted messages are being restored is their "revival" in the correspondence. At least, such symptoms are reported by foreign users.

Extensions

Photo © Shutterstock

Messenger extensions are popular exclusively with Android users. In the Apple ecosystem, such programs do not take root, and their verification by moderators before publication often leads to the removal and ban of "developers". Widgets for multitasking, cleaning Whatsapp memory and other third-party applications that require the right to synchronize with contacts and messenger conversations slow down Whatsapp in almost 100% of cases, and in the worst case, steal user data by taking screenshots and uploading data to unknown servers. Avoiding such a "leak" is easy - you should not install anything on your device other than the original Whatsapp.

Sending a chat by mail

One of the critical vulnerabilities of Whatsapp was its basic function. Through "sending a chat" you can upload all correspondence with any user to any mail. The program does not ask you to confirm this action - just select the addressee, and a letter with a complete archive of messages will be sent to his email inbox. Deleted text files will not be there, but the title will contain a phrase from the developers: "Messages and calls are end-to-end encrypted. Third parties, including WhatsApp, cannot read your messages or listen to calls. " And this is in correspondence, to which, it seems, no one has access.

Refuse immediately: why you need to urgently delete WhatsApp from your phone

Why Whatsapp does not work and does not send messages

for hygienic reasons. But there are still symptoms of a real hack, which may be behind attackers with special skills. The first and most important is the delay in the network when downloading correspondence. If Whatsapp is installed on more than one device, it will take some time to download. This will be especially noticeable on older Android devices. Another important sign of a Whatsapp hack is sending one-time codes. If this happens, then you need to go to the menu and select the "sign out from all devices" function (similar to "end sessions" in Telegram) and then log in again.

Sergey Andreev

Evgeny Zhukov

  • Article
  • WhatsApp
  • Telegram
  • hack
  • Social networks and messengers
  • Science and technology

Comments: 2

for commenting authorization!

Any WhatsApp user can have their account taken away.

You don't have to be a hacker to do this

software Soft Safety User Internet Internet software Technology

|

Share

    WhatsApp hides a flaw that allows attackers with zero hacking and programming skills to permanently block the account of any user. They only need to know their phone number and nothing else, and there is no way to protect themselves from potential blocking. WhatsApp developers are in no hurry to fix the problem.

    New bug in WhatsApp

    Each WhatsApp user can lose their profile at any second with a minimal chance of recovery. According to Forbes, it is simply impossible to protect against this, and the attacker will not even need to hack the gadget - he just needs to know the user's phone number, after which he can initiate the procedure for blocking him without the possibility of re-authorization in the system.

    The ability to deprive anyone of using WhatsApp is a consequence of a giant vulnerability discovered in the messenger by information security specialists Luis Carpintero (Luis Carpintero) and Ernesto Pereña (Ernesto Canales Pereña). They notified the developers of WhatsApp about their discovery, but they have not yet released a patch that fixes the breach, thereby leaving 2 billion users at risk of losing their account.

    WhatsApp does nothing to protect users from blocking their profile

    WhatsApp is the most popular instant messenger in the world. According to Statista.com, in terms of the number of monthly active users as of January 2021, with its more than 2 billion, it was ahead of Facebook Messenger (1.3 billion) and Chinese WeChat (1.21 billion), along with QQ (617 million). WhatsApp has been owned by Facebook since February 2014.

    How the vulnerability works

    Vulnerability in WhatsApp makes it possible to completely block the victim's account and is carried out in two very simple steps, in each of which the perpetrator does not even need hacking or social engineering skills - he will not contact the profile owner at all.

    WhatsApp standard authorization window

    At the first stage, an attacker simply needs to install WhatsApp on a smartphone and try to log in using the desired phone number. The messenger will send him an SMS with a confirmation code, and here there is a calculation that the owner of the number will ignore them. After several such attempts, the application on the attacker's device will report too frequent authorization attempts and allow the next one only after 12 hours. At the same time, WhatsApp on the victim’s device will continue to work as before.

    Notification that authorization was not possible due to an excessive number of attempts

    In the second step, the attacker registers a new email address and writes a letter to WhatsApp technical support saying that his account was lost or stolen. He asks to turn it off and indicates the number of the victim. WhatsApp can send an automatic email asking you to write the number again, and the attacker will do it.

    Letter to WhatsApp technical support requesting blocking

    Further, WhatsApp, without making sure that the real owner of the account wrote to technical support, initiates the blocking procedure. After about an hour, the messenger will suddenly stop working on the victim's device - she will see a message that her number is no longer registered in the system. “It could be because you registered it on another phone. If you haven't done so, verify your phone number to log into your account again," the notification will say.

    WhatsApp response confirming that the request has been fulfilled

    All of this will work even if the user has enabled two-factor authentication. An attempt to request a new code will fail - WhatsApp will allow you to do this only after 12 hours.

    Bonus stage and full blocking

    If the attacker decides to stop at the second stage, then everything will end up with just the inability of the user to connect to WhatsApp with his number for several hours. After a maximum of 12 hours, the user will be able to regain control over his account and continue working in the messenger exactly until someone wants to repeat the "trick" with the blocking.

    But in fact there is an additional, third stage, leading to a complete blocking of the account.

    In fact, this stage can become the second - the attacker does not have to send a letter to WhatsApp support, he can just wait 12 hours, after which he will again make several attempts to register someone else's number on his phone. After the third 12-hour blocking, WhatsApp will break, and instead of a timer counting down the time until the next authorization attempt, it will show “-1 second”, moreover, constantly. This is a malfunction in the messenger, which cannot be bypassed.

    A stuck timer on the phones of the victim (left) and the attacker

    This picture will be observed both on the hacker's device and on the victim's smartphone, and as a result, no one else will be able to log in to the messenger using this phone number. The only thing left is to try to contact WhatsApp technical support and look for ways to solve the problem.

    Whatsapp does not solve the problem

    A Forbes article shedding light on a new WhatsApp issue was published on April 10, 2021. By April 13, 2021, the developers had not released an update to fix it and did not set a release date for it.

    Ruslan Rakhmetov, Security Vision: Russian business is interested in offers from MSSP providers

    Safety

    Instead, they are preparing to implement a new privacy policy, according to which the messenger will automatically transfer huge amounts of personal user data to Facebook for better ad targeting.

    This policy was intended to be implemented by WhatsApp on February 8, 2021, but was forced to temporarily abandon this idea due to a flurry of criticism. The new date for its entry into force is May 15, 2021, and all those who are not going to agree with it are in for a very serious punishment.

    In February 2021, CNews wrote that those who disagree with the new WhatsApp privacy policy will no longer be able to send and receive text messages. Developers will leave them only voice calls. Moreover, the profiles of those users who stop using WhatsApp and switch to other messengers are guaranteed to be completely deleted.

    WhatsApp other issues

    WhatsApp is known not only for the fact that it is used by billions of people, but also for the fact that if it appreciates its users, it is far from always. So, for example, in June 2020, it became known that some phone numbers linked to user profiles in WhatsApp had been in the public domain for a long time and even got into Google search results. In total, with the help of Google, it was possible to find up to the number of about 300 thousand users of the messenger, and this problem was of a global nature.

    WhatsApp is still in first place in terms of the number of users

    In November 2019, CNews reported that WhatsApp users were automatically permanently banned for participating in harmless group chats.


    Learn more