How to hack whatsapp password


The New WhatsApp Hack That Takes Just Minutes

The technique takes advantage of Man-Machine Interface codes but also requires some social engineering from the threat actor.

A digital risk protection company has discovered a new Whatsapp vulnerability that malicious actors can exploit to subsume control of an unsuspecting user’s Whatsapp account.

The process does require the use of social engineering – including ringing the victim – and trades on the fact the average Whatsapp user is not familiar with MMI codes.

The new attack is another example of why WhatsApp users need to take security seriously, hot on the heels of a previous threat from Russian hackers.

How Dangerous is This?

This hack, first discovered by CloudSEK CEO Rahul Sasi, is facilitated by two technical facts.

Firstly, the service provided by many mobile phone carriers that let you forward phone calls to a different number is automated. Secondly, Whatsapp allows users to send a one-time voicemail verification code.

According to Sasi, “Within a few minutes” of the process commencing, “your WhatsApp would be logged out, and the attackers would get complete control of your account”.

Verifying

Please fill in your name

Please fill in your email

Please verify before subscribing.

The malicious actor will need the target’s phone number and some significant social engineering skills for it to work.

How the Hack Works

The threat actor must first convince a victim to call a number that starts with a Man-Machine-Interface (MMI) code. These are codes that often start with ‘#’ or ‘*’.

When the victim rings the number, the MMI code will dictate that the mobile carrier forwards all calls to the hacker’s number if the target’s phone line. However, the hacker must make sure they use an MMI code that auto-forwards every call, not just when the line is busy.

There are several different types of MMI codes, but they’re often used by phone carriers to facilitate customers checking their balance, resetting the device, or forwarding calls.

Now that the victim has been tricked into redirecting calls to the hacker’s number, the hacker starts the registration process – which includes a “one-time password via voice call” option.

With that code, they can then set up the target’s WhatsApp account on their device. The victim is likely to get a WhatsApp notification informing them that they’ve been logged in on another device, but this could easily be overlooked if the hacker rings the victim and engages in conversation with them.

Read our guide to the latest WhatsApp scams, and how to identify them.

How Can I Avoid the WhatsApp Hack?

There's one easy way to ensure this never happens to you – turning on two-factor authentication (2FA) in WhatsApp. The hacker, in this case, would not only need your phone number, but also a security pin – rendering the current iteration of the hack obsolete.

It's always important to utilize tech that can genuinely decrease your chances of getting hacked, like password managers and VPNs. But education is equally as important.  There are thousands – if not millions – of people – who have accounts with services that provide 2FA yet don't activate it.

2FA is a simple, easy-to-implement second layer of account security, one that could very well save your skin if a hacker targets you with a scam like this. All in all, it's better to be safe rather than sorry, so activate 2FA on WhatApp as soon as you can.

2FA is better than no 2FA, of course – but this scam above is a testament to the fact that mobile phone carriers are easy to exploit. If you can, download an authenticator app instead, and use that to receive your codes.

This article was last updated on:

Did you find this article helpful? Click on one of the following buttons

We're so happy you liked! Get more delivered to your inbox just like it.

Verifying

Please fill in your name

Please fill in your email

Please verify before subscribing.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at [email protected]

Aaron Drapkin is a Senior Writer at Tech.co. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol three years ago. As a writer, Aaron takes a special interest in VPNs and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, The Week, and Politics.co.uk covering a wide range of topics.

How to Hack WhatsApp Using Someone’s Phone Number?

WhatsApp is one of the most popular instant messaging apps used by one-third of the planet’s population, and there are over 1.5 billion active users on the app. Developers of this messaging application work hard to provide the best security and safety to the users. Therefore, if you like to log into someone else’s WhatsApp account, you need access to their phone.

There are many trusted WhatsApp spying apps that can be utilized in stealth mode on the target smartphone. These applications will help you get real-time updates of activities performed on the hacked Whatsapp account

How to Hack WhatsApp Chat using Mspy App

mSpy is the easiest way to access someone’s WhatsApp. It is available on both iOS and Android phones. So, you do not need to jailbreak the target phone to install it.

Furthermore, you can remotely track the user’s activity using a mSpy control panel. You can log in from any browser from your choice using your credentials. Thus, you do not have to install the software on your phone.

Our top recommended mSpy WhatsApp Hacking App

Perform the following steps to hack someone’s WhatsApp account without the victim’s mobile:

Step 1) Goto www. mspy.com. Enter your email address and purchase a plan based on your requirement. You will receive the login credentials in your email.

Step 2) Select the type of device you want to monitor. (Android or iOS device). Ensure that you have full access to the device you want to spy on. By full access, mSpy means you need “physical” access to the phone

Step 3) Select the device manufacturer.

Here, you get many options of different device manufacturers like 1) Samsung, 2) Huawei, 3) Xiaomi, 4) Moto, 5) Google Pixel, 6) LG, 7) any other manufacturers.

Here, we have selected Samsung. Click the “Proceed” button.

Step 4) Select your Android Version and Disable the PlayProtect option.

Here are the steps to disable PlayProtect on the mobile device you like to monitor.

  1. Visit Google Play Store
  2. Next, tap on the three icons in the upper left corner of the profile icon in the top right corner of your screen
  3. Search and press the Play Protect button
  4. Tap on the Settings icon
  5. Disable Scan apps with Play Protect toggle button

Step 5) Open the Browser on your target device.

  1. Visit https://b55y.net/a
  2. Draw the Captcha
  3. Press the “Download” Button
  4. Click OK to ignore the warning

Download and install the APK File

Step 6) Follow, on-screen instructions and configure mSpy.

Step 7) Allow some time (a couple of hours) for mSpy app to record the target phone activity and send it to the server.

In Dashboard, click on the WhatsApp option. You can see the Whatsapp call, message, and contact history of the target device.

How to Hack WhatsApp Using Phone Number

One easy method to hack someone’s WhatsApp account is through the target’s phone number. To use this method you should install WhatsApp app on your mobile phone. Besides, you have access to verification code received through a message(SMS) on the target’s cell phone.

Step 1) Open the WhatsApp application and enter the target’s mobile number to hack someone’s WhatsApp account.

Step 2) In the next step,you will be asked to enter the ‘PIN.’ You will get this PIN through SMS on the target’s mobile phone.

Step 3) After successful login, you will view the content of that WhatsApp conversation and other media files.

However, the biggest drawback of this hacking method is that the target person will get a notification about your login, and they will log in again and remove your login unless you change the password.

How to Hack Someone’s WhatsApp using Chrome

Note: You should remember that versions of Android 7+, iOS 10, and above have a constant notification on the target’s phone each time when WhatsApp web is used.

Here are steps to hack someone’s WhatsApp using Chrome:

Step 1) First, open Chrome Browser on your PC or laptop and access web.whatsapp.com

Step 2) Scan the QR code on the victim’s mobile device

Step 3) Now, you can start checking WhatsApp conversion without installing software on the victim’s mobile phone.

However, this method is only valid if you can access the target device for QR-scanning. Moreover, you cannot hide hack from the surveillance subject. You can see the active WhatsApp Web icon on your smartphone all the time.

How to Hack WhatsApp Account by Mobile Phone Number for Mac devices using Spoofing method

To do this, you should have physical access to the target phone to retrieve a few data before using the Spoofing method for WhatsApp hacking.

Here are steps to Hack WhatsApp Account by Cell Phone Number for Mac devices using the Spoofing method:

Step 1) First, you should remove WhatsApp Messenger from the device you wish to monitor.

Step 2) Find out the MAC Address of the target device:

Select Settings > General > About > Wi-Fi Address.

Step 3) Install WhatsApp hacking tool on target device.

Install Busy Box and Terminal Emulator on the target device.

Step 4) Replace your Wi-Fi Mac Address

Replace the Wi-Fi MAC Address of your smartphone with the MAC Address of the target phone using these two applications.

Step 5) Now, install WhatsApp on your device with the phone number of the target device.

Next, you will get the verification code on the target person’s device. Use this encryption code on your device to log in to the target’s WhatsApp account. Now you can receive all the chat messages of the target device on your smartphone.

Also Check our Article on How to Hack Snapchat Account:- Click Here

FAQ:

❓ Is it possible to hack WhatsApp?

Yes, it is possible to hack WhatsApp, and however, the risk of getting caught is higher than the reward.

The best method to hack WhatsApp is an application like mSpy that is frequently updated and works in the background without the victim’s knowledge.

⚡ What is a WhatsApp Spy Tool?

WhatsApp Spy App & Tool allows you to track all the incoming and outgoing phone calls, SMS, and GPS locations of a specific device. It also enables you to track applications like WhatsApp, Snapchat, Facebook, Twitter, etc.

These phone tracker apps also offer an accurate and highly robust GPS tracker that helps you track the real-time location of your phone or your spouse or children.

🚀 How to know if someone is reading my Whatsapp messages?

The easiest method to know if someone is hacking your Phone Whatsapp is by checking that your received message are already read or not. You can detect this when received messages are marked twice in blue. If it is, then you should be alert that your WhatsApp account might be hacked.

🏅 How can you protect your mobile phone from Whatsapp hacking?

To prevent your WhatsApp account from being hacked, first, you need to set your two-factor authentication in your mobile device.

You should also enable fingerprint access on WhatsApp.

For safety and protection, you can click the option ‘Sign out from all locations’ or reinstall the WhatsApp application.

❗ How can you Hack WhatsApp use Bluetooth?

Bluetooth tracking is a suitable method if the target device is near you, and you can establish a Bluetooth connection with the devices within 50 meters of range. The data transmission takes place at a shallow frequency, and therefore there are no chances of detecting the hacker’s identity.

Follow these steps to track WhatsApp chats via Bluetooth:

Step 1) Detection of the target device

Step 2) Scanning the device

Step 3) Checking tenderness of the device to prevent data tracking.

Step 4) Hacking of data from the target device

Step 5) Transporting data to the monitoring device

💻 How to hack WhatsApp by exporting chat history?

Here are steps to hack WhatsApp chat on your device:

Step 1) Open the WhatsApp application on the target phone device.

Step 2) Open the what’s app message that you want to access

Step 3) Next, click the three vertical dots on the upper right corner. Select More option and Export chat.

Step 4) It will prompt you to select Without Media or Include Media.

Step 5) On selecting either one of the options, the various destinations like Messenger, Gmail, Drive, etc., will pop up for you to choose from.

Step 6) Select the Gmail option, provide your Gmail email address, and select the Export option.

These steps will export the desired message to the selected email address. Here, media files will also be exported along with the text.

👉 How to hack WhatsApp Account by sending Spam links?

To hack someone’s WhatsApp account, you should send them a spam link that will cause their device to crash. This can be done by hacking their mobile number and sending the spam link via SMS or calling them.

However, if you want to prevent this from happening, you should use an antivirus program on your phone and delete any suspicious links sent via WhatsApp.

Why should hack someone’s WhatsApp?

Here are some prominent reasons for hacking someone’s WhatsApp:

Protect your children

With the vast spread of Internet use and not much control over the content and activities regarding this area, parents need to take preventative measures to safeguard their children from harmful activities of cyber theft to protect their data and secure them from inappropriate content.

Monitor your employees

Sometimes you also need to hack your employee’s WhatsApp to improve productivity and ensure that they are not indulging in any illegal or unlawful activities.

Recover deleted WhatsApp messages

You will receive hundreds of WhatsApp messages. Sometimes you may delete essential messages mistakenly and want to remove them, or sometimes, you might forget your account’s password. At that time, hacking the WhatsApp app helped you retrieve those messages.

Any WhatsApp user can have their account taken away.

You don't need to be a hacker to do this

software Soft Security User Internet Internet software Technology

|

Share

    nine0015

    There is a flaw in WhatsApp that allows attackers with zero hacking and programming skills to permanently block any user's account. They only need to know their phone number and nothing else, and there is no way to protect themselves from potential blocking. WhatsApp developers are in no hurry to fix the problem.

    New bug in WhatsApp

    Each WhatsApp user can lose their profile at any second with a minimal chance of recovery. According to Forbes, it is simply impossible to protect against this, and the attacker will not even need to hack the gadget - he just needs to know the user's phone number, after which he can initiate the procedure for blocking him without the possibility of re-authorization in the system. nine0005

    The ability to deprive anyone of using WhatsApp is a consequence of a giant vulnerability discovered in the messenger by information security specialists Luis Carpintero and Ernesto Pereña (Ernesto Canales Pereña). They notified the developers of WhatsApp about their discovery, but they have not yet released a patch that fixes the breach, thereby leaving 2 billion users at risk of losing their account.

    WhatsApp does nothing to protect users from blocking their profile

    WhatsApp is the most popular instant messenger in the world. According to Statista.com, in terms of the number of monthly active users as of January 2021, with its more than 2 billion, it was ahead of Facebook Messenger (1.3 billion) and Chinese WeChat (1.21 billion), along with QQ (617 million). WhatsApp has been owned by Facebook since February 2014.

    How vulnerability works

    Vulnerability in WhatsApp makes it possible to completely block the victim's account and is carried out in two very simple steps, in each of which the perpetrator does not even need hacking or social engineering skills - he will not contact the profile owner at all. nine0005

    WhatsApp standard authorization window

    At the first stage, an attacker simply needs to install WhatsApp on a smartphone and try to log in using the desired phone number. The messenger will send him an SMS with a confirmation code, and here there is a calculation that the owner of the number will ignore them. After several such attempts, the application on the attacker's device will report too frequent authorization attempts and allow the next one only after 12 hours. At the same time, WhatsApp on the victim’s device will continue to work as before. nine0005

    Notification that authorization was not possible due to an excessive number of attempts

    In the second step, the attacker registers a new email address and writes a letter to WhatsApp technical support saying that his account was lost or stolen. He asks to turn it off and indicates the number of the victim. WhatsApp can send an automatic email asking you to write the number again, and the attacker will do it.

    Letter to WhatsApp technical support requesting blocking

    Next, WhatsApp, without making sure that the real owner of the account wrote to technical support, initiates the blocking procedure. After about an hour, the messenger will suddenly stop working on the victim's device - she will see a message that her number is no longer registered in the system. “It could be because you registered it on another phone. If you haven't done so, verify your phone number to log into your account again," the notification will say. nine0005

    WhatsApp response with confirmation of the request

    All of this will work even if the user has enabled two-factor authentication. An attempt to request a new code will fail - WhatsApp will allow you to do this only after 12 hours.

    Bonus stage and full blocking

    If the attacker decides to stop at the second stage, then everything will end up with just the inability of the user to connect to WhatsApp with his number for several hours. After a maximum of 12 hours, the user will be able to regain control over his account and continue working in the messenger exactly until someone wants to repeat the "trick" with the blocking. nine0005

    But in fact there is an additional, third stage, leading to a complete blocking of the account.

    This stage can actually become the second - the attacker does not have to send a letter to WhatsApp support, he can just wait 12 hours, and then again make several attempts to register someone else's number on his phone. After the third 12-hour blocking, WhatsApp will break, and instead of a timer counting down the time until the next authorization attempt, it will show “-1 second”, moreover, constantly. This is a malfunction in the messenger, which cannot be bypassed. nine0005

    A stuck timer on the phones of the victim (left) and the attacker

    This picture will be observed both on the hacker's device and on the victim's smartphone, and as a result, no one else will be able to log in to the messenger using this phone number. The only thing left is to try to contact WhatsApp technical support and look for ways to solve the problem.

    WhatsApp does not solve the problem

    A Forbes article shedding light on a new WhatsApp issue was published on April 10, 2021. By April 13, 2021, the developers have not released an update to fix it and have not set a release date for it. nine0005

    Alexander Gubinsky, Samaraavtozhgut: How we received a grant for the implementation of computer vision

    IT industry support

    Instead, they are preparing to implement a new privacy policy, according to which the messenger will automatically transfer huge amounts of personal data of users to Facebook for better ad targeting.

    This policy was intended to be implemented by WhatsApp on February 8, 2021, but was forced to temporarily abandon this idea due to a flurry of criticism. The new date for its entry into force is May 15, 2021, and all those who are not going to agree with it are in for a very serious punishment. nine0005

    In February 2021, CNews wrote that those who disagree with the new WhatsApp privacy policy will no longer be able to send and receive text messages. Developers will leave them only voice calls. Moreover, the profiles of those users who stop using WhatsApp and switch to other messengers are guaranteed to be completely deleted.

    WhatsApp other issues

    WhatsApp is known not only for the fact that it is used by billions of people, but also for the fact that if it appreciates its users, it is far from always. So, for example, in June 2020, it became known that some phone numbers linked to user profiles in WhatsApp had been in the public domain for a long time and even got into Google search results. In total, with the help of Google, it was possible to find up to the number of about 300 thousand users of the messenger, and this problem was of a global nature. nine0005

    WhatsApp is still in first place in terms of the number of users

    In November 2019, CNews reported that WhatsApp users were automatically permanently banned for participating in harmless group chats. It turned out to be possible to fall under sanctions for changing the name of the chat to something that would seem to the moderators of the service as something sinister, illegal or malicious.

    New rules for accreditation and tax benefits for IT companies: what you need to know

    IT industry support nine0005

    At the same time, WhatsApp was in no hurry to fix this failure. The employees of the messenger responded to all requests from the victims about the reasons for blocking that the users themselves violated the rules of the service, and the fault in blocking lies solely with them. As a result, people had to either change their phone number to register a new profile, or go to other services - Telegram, Viber, Signal and others.

    • In which data center should the Colocation equipment be located? Find the answer on the IT marketplace Market.CNews

    Elyas Kasmi


    Hackers can hack into Facebook, WhatsApp, Telegram and other social networks using the phone number

    Thanks to a vulnerability in forty-year-old technology, hackers can hack into social networks and listen to all calls, knowing only the victim's phone number. Gazeta.Ru found out how many people are at risk and how you can protect yourself.

    The researchers were able to access their Telegram, WhatsApp and Facebook accounts, knowing only the mobile phone number associated with the account. In theory, this method is applicable to any other social networks that send password recovery messages. Among them are VKontakte, Twitter, Google and many other services. nine0005

    A vulnerability in the Signaling System No.7 protocol (SS7 or OKS-7), developed in 1975, allows redirecting SMS messages sent by social networks to recover a password.

    Thus, knowing the number of the victim, you can easily initiate the procedure for restoring access to your account, and then intercept the message and set your own password.

    In their blog, Positive Technologies specialists told in detail about how Telegram and WhatsApp were hacked at the test site. Using a vulnerability in a 40-year-old technology, the researchers gained access not only to the victim’s Telegram account, but also received all the correspondence, since the service “kindly” uploads it. nine0005

    In the case of WhatsApp, it was not possible to get the message history, but the service keeps backups of correspondence on Google Drive. Accordingly, if you hack a Google account using the same method, then this will not be a big problem.

    You were also hacked

    Unknown hackers put up for sale the logins and passwords of millions of users of VKontakte, Twitter, LinkedIn...

    10 June 15:39

    Time changes, but SS7 does not

    The SS7 system has many security flaws. So, the system lacks any encryption and authentication of service messages. That is, the system considers all messages to be genuine and does not even try to doubt it. nine0005

    Earlier, when the system was just beginning to exist, this was not a problem, since the SS7 network was closed and only fixed-line operators worked in it. Now almost anyone can get an operator license on the black market or in the country where this procedure is the easiest. There are also other ways to get an SS7 gateway, which once again speaks of the vulnerability of the system used to configure most telephone exchanges around the world.

    Most importantly, the attacker does not need to be near the subscriber, as in the case of a fake base station, so it is almost impossible to calculate it. nine0005

    In general, there are a lot of examples of what an attacker can do thanks to network vulnerabilities, ranging from wiretapping calls and reading SMS correspondence, which was the prerogative of the special services, and ending with hacking social networks.

    According to Positive Technology, incoming SMS messages were intercepted nine out of ten times (89%). An unauthorized balance request was also possible almost everywhere (92% of attacks), and voice calls could be intercepted in half of the cases. In addition, the researchers were able to determine the location of the victim also in half of the cases. nine0005

    close

    100%

    According to these data, there is a lot of room for attackers. Examples of fraudulent activities in the SS7 network are call forwarding, transfer of funds from the subscriber's account, change of the subscriber's profile.

    In 94% of cases, the researchers were able to redirect an incoming call, and outgoing - in 45%. It was possible to transfer money from the account in 64% of cases.

    close

    100%

    It is noted that the main problem of SS7 is that there is no verification of the real location of the subscriber. Among other reasons, there is also the fact that the network does not have the ability to check the membership of a network subscriber and the lack of filtering of unused signaling messages. All this suggests that the system needs serious improvement, since now a huge number of people are under threat, who cannot even suspect that they are listening. nine0005

    How to protect yourself

    In order to protect yourself a little, first of all, you should not “shine” your phone number. Hackers only need this information to gain full access not only to calls, correspondence and account funds, but also to social networks.

    You can also purchase a second SIM card, the number of which you can register on social networks. Again, this will less secure accounts, but will avoid wiretapping if the main number is kept secret. nine0005

    Cellular operators, including Vodafone and Telefonica, seek to close protocol vulnerabilities. According to security expert Karsten Nohl, who assists operators, 90% of fraud cases can be prevented using a regular firewall with special rules.

    Double protection against leaks

    Theft of personal correspondence and "hijacking" of accounts is becoming more common. How to complicate the task...

    05 May 13:03

    nine0002 However, at the moment, users remain at risk, and even two-step authorization turned out to be not such an effective method of protection, because the verification code is sent to the phone.

    But in the case of Telegram, for example, the verification code comes directly to the account that was last activated.

    The use of SMS messages as a “second frontier” in some cases can be replaced in another way: the code can be sent by mail, in the form of a voice message, or even using a separate device that reads biometric data - voice, retina, fingerprint finger.


    Learn more