sb-eu logo
Story image

WhatsApp users warned to change voicemail PINs

18 Feb 2019

Australia’s Stay Smart Online is warning WhatsApp users to change their mobile’s voicemail PIN from the default PIN, if they haven’t done so already.

Attackers are allegedly gaining access to users’ WhatsApp accounts by using the default voicemail PIN to access voice authentication codes. Those codes can allow the attacker to use a victim’s WhatsApp account on the attacker’s own device.

The attack method isn’t new – it has been doing the rounds since 2017 and Israel’s National Cyber Directorate issued a warning about it - however people are still falling victim to the attack. 

Stay Smart Online explains how it works:

The attacker will install WhatsApp on their own device using a genuine user’s phone number. Usually this happens late at night when a user would generally be sleeping and not using their phone.

While WhatsApp will send a one-time verification SMS to the user’s phone, the attacker cannot see this if they don’t have the phone.

However, if a user doesn’t use the SMS code WhatsApp switches to a voice verification code. It calls the user’s phone and speaks the one-time verification code out loud. But because the user is asleep, the automated call goes to voicemail.

“Most mobile service providers allow remote access to your voicemail account, by calling a generic number and entering your PIN code,” Stay Smart Online says.

“So to retrieve the voicemail, the hacker simply needs to call the generic phone number and enter the victim’s four-digit PIN – which, if you haven't changed it, is typically a simple combination such as 0000 or 1234 by default."

“Once the hacker listens to the pre-recorded voicemail and hears the verification code, they can then access your WhatsApp account on their own device."

“When the attacker uses the default PIN to access the victim’s voicemail, they can hear the code and then enter it into their own device, completing the transfer of the victim’s phone number to their own WhatsApp account,” adds Sophos’ Danny Bradbury.

“To seal the deal, the attacker can then enable two-step verification, which is an optional feature that WhatsApp has been offering since 2017. This requires the user to set a custom PIN, which they must then re-enter if they wish to re-verify their phone number. Turning on this feature prevents the victim from regaining control over their own phone number.”

WhatsApp users should change their voicemail PINS to a strong password. This can be done in the phone’s voicemail settings or by calling the user’s phone service provider.

Users should also enable two-factor authentication on their WhatsApp account for an extra layer of security. This can be done by opening the app and going to Settings > Account > Two-step verification > Enable.

Story image
Cybersecurity spending for critical infrastructure to surpass US$105 billion in 2021
The brunt of security spending is still first and foremost focused on IT networks, systems, and data security from a defensive perspective. More
Story image
VPNs and zero trust security don't mix - Zscaler report
93% of organisations surveyed have deployed some kind of VPN, yet 94% know that VPNs are a popular target for cybercriminals.More
Story image
ExtraHop reveals methods used by attackers in SUNBURST breach
The network detection and response company says between late March and early October 2020, detections of probable malicious activity increased by approximately 150%, including detections of lateral movement, privilege escalation and command and control beaconing.More
Story image
WatchGuard rolls out updates to bring greater security to MSPs
"WatchGuard Cloud’s continued evolution is lowering the barrier to entry for MSPs to add security to their portfolios and solidifying it as the management platform of choice for the security channel.”More
Story image
Cybersecurity trends to look out for: Extortion among the top threats in 2021
Cyber-crime is evolving, driven by emerging trends — 2021 may be the first year when data extortion officially becomes the main threat to businesses worldwide.More
Story image
AppDynamics launches Cisco Secure Application to protect against vulnerabilities
AppDynamics, part of Cisco, has released Cisco Secure Application, a solution designed to simplify vulnerability management, defend against cyber attacks and protect applications.More