Category Archives: WhatsApp

The famous whatsApp messaging is a victim of hacking. Hackers want to get their hands on users' messages at all costs.

A security flaw allows a hacker to block the user's WhatsApp account

Recently it was discovered a rather serious vulnerability affecting WhatsApp and its use.

Indeed, thanks to a major security flaw, it is possible for a hacker to permanently block a user's account remotely. Having been made aware of the situation, WhatsApp for its part did not hesitate to warn its users. In addition, a set of sanctions would be in the works to punish anyone who tries to take advantage of it. Although to reassure social networks claims that this kind of computer attack are quite rare.

This article will also interest you: WhatsApp: A malicious program that steals financial data

Using a user's phone number to block their WhatsApp account was discovered by two computer security researchers Luis Marquez Carpintero and Ernesto Canales Perea. The article appeared on the American media Forbes.

Even in the presence of multi-factor authentication it is possible for the hacker to use vulnerability to hijack security measures. "This hacking could have an impact on millions of users, who could potentially be targeted by this attack. With so many people relying on WhatsApp as the primary communication tool for social and business purposes, it's alarming how easily this can happen," says Jake Moore, a computer security researcher at ESET, a computer security company.

So we wonder how this vulnerability is used in a practical way. Our two computer security researchers, Luis Marquez Carpintero and Ernesto Canales Perea. Explains in Forbes' lines: "The attack takes place in several stages. First, the attacker will use your phone number to try to set up WhatsApp on another smartphone. This number may have been recovered from a leaked database. To verify your identity, the email app will transmit login codes to your phone number. You will then receive login codes that you did not claim. If this is your case, you are advised to be wary. You are probably the target of a computer attack. Anyone can install WhatsApp on a phone and enter your number on the verification screen." Subsequently, the hacker will continue to request login codes to WhatsApp.vFover to enter incorrect codes, WhatsApp will eventually block the login code request for more security. Generally this Blocking of WhatsApp lasts about 12 hours. Time long enough for the hacker to develop his tactics. Subsequently: "The hacker has a period of twelve hours to carry out the rest of his plan. In a second time, the hacker will create a fake email address in your name. It is exceedingly simple to create an email address with the name of others, especially on Gmail. With this fake address, he will get in touch with WhatsApp's customer support, support@whatsapp.com. In the email, he will explain that his smartphone has been lost or stolen and will request the suspension of your account. Customer service will interpret the multiple erroneous codes entered earlier as evidence of its assertions. ».Unfortunately for the WhatsApp victim then suspend the account without any check upstream. "Your phone number is no longer registered with WhatsApp on this phone. This may be because you recorded it on another phone. If you haven't, check your phone number to reconnect to your account," the unfortunate victim will read. The problem is that it will not be able to log in because the code is blocked. And worst of all, the hacker can continue to block it. indefinitely. Clearly the victim is unfortunately blocked and has no means to protect himself.

Forbes magazine then contacted WhatsApp to explain to him, questioning the legality of the social network's terms of use. "Providing an email address with a two-step audit helps our customer service team help people if they ever encounter this unlikely problem. The circumstances identified by this researcher would violate our terms of use and we encourage anyone who needs help to send an email to our support team so that we can investigate," whatsApp points out, trying to reassure that this scenario is particularly rare. But the courier service did not at any time specify a possibility that steps will be taken to fill this security gap. "A move towards greater privacy protection would help protect users from this," says Moore.

Now access an unlimited number of passwords:

Check out our hacking software

WhatsApp: A malware that steals financial data

Recently, WhatsApp was mired in a policy related to the privacy of users' data and the treatment that its parent company, Facebook was supposed to make of it.

Apparently the problem is not yet solved. Indeed, another problem completes the panic of users of the messaging application, who have already begun to migrate massively to other alternatives. In the aftermath, the European judicial institutions threatened the social network with a fine of up to 50 million euros.

As if all this wasn't enough, it was recently discovered a malicious program that invited itself into the features of the messaging application. This is the work of ESET's cybersecurity specialists. This malware, according to researchers at the cybersecurity company, is a real danger to be taken very seriously: "This malware spreads via the victim's WhatsApp application by automatically responding to all WhatsApp notifications with a link to a malicious version of Huawei Mobile," explains computer security researcher Luca Stefanko.

This article will also interest you: WhatsApp and the privacy of our data

The procedure looks like a fairly classic phishing. Indeed the user is notified through a message containing a link. Link redirects the person who clicks on it to a web page that takes the form of the official Google PlayStore page. When the app is installed on the user's smartphone, it issues several permission requests. namely:

  • Access on notification;
  • The ability to model other applications;
  • The ability to stay active in the background.

Once properly analyzed by computer security specialists, it was discovered that the malware did not request these authorizations in a haphazard manner. Indeed, thanks to the permission to access the notification, it is easier to share for the hacker who are hidden behind the application, the false link that leads to the download of the fake Huawei Mobile application to contacts with which the infected person is used to exchanging. By allowing application layers and background operation, it allows hackers to monitor your actions.

In other words, the app allows you to monitor your actions. Hackers may be aware of anything you do with your smartphone. This of course means that they can collect login credentials and even bank details. According to researchers at the European Security Society, the cyber criminals behind this malware are not really interested in sensitive data. Their objectives seem to be the installation of several other malware, which will allow it to bombard the infected user with malicious advertisements. Advertising spam that will encourage you to subscribe to certain subscriptions more or less fraudulent.

Of course there is a way to protect yourself from this malware:

– Tip number 1 is a classic: never download an app outside the official store such as the AppStore and PlayStore. In this context, it is recommended to go directly through the applications that allow access to this shop instead of necessarily wanting to use a link.

– For the number 2 advice it is to make sure to be on a legitimate site when you access it.

– Council number 3 is simply to encourage you and protect your terminals with security solutions such as antivirus or firewalls.

Now access an unlimited number of passwords:

Check out our hacking software

WhatsApp and the privacy of our data

Even though Facebook has a bad reputation, the fact remains that WhatsApp, the famous messaging app that is part of the group has always wanted to have an image of protector of personal data and privacy.

Yet in practice, it has been shown several times that the application allows other third-party software to have access to its users' data. In this way, giving them the ability to track the online activities of the user of the Messaging app. In other words, people know who to talk to. They know at what time you are sleeping and they know how long you are connected, and this without the user's knowledge. "These intrusive applications show that even services that strongly protect users' privacy in some way — like WhatsApp, which is committed to encrypting messages — can still expose data that can be used to trace their users. WhatsApp's vulnerability comes from the service that publicly indicates whether a user is "online" (i.e. if they are using the app) at any given time. Isolated, this is relatively harmless information. says Business Insider.

This article will also interest you: WhatsApp: the scam you need to know about

To the extent that this application in the ability to collect for a long time personal data, using the set of tools available to them, they have the opportunity to define very well detailed profiles of people "monitored"

But we need to clarify a point that may be going in the positive direction of things, these applications will not expose the data collected for the user. It should just be used to define profiles that can be presented to future advertisers. They do not identify the content of user-to-user exchanges. "But they present themselves to potential customers as tools to know when other people are sleeping, when they're using WhatsApp, and even who they're talking to on the app — what they get to know by comparing multiple people's activity logs and seeing which ones match. Business Insider says.

They are almost compared to tracing applications, which are used for unconventional monitoring, Stalkerwares.

"It's easy to imagine what an abuser could do with this information or, for example, an employer who would use it to find out if his employees are talking on WhatsApp during their work day, or a law enforcement official who would see if people were talking on WhatsApp during a demonstration." Cooper Quintin, senior security researcher at the Electronic Frontier Foundation (EFF) explained when asked about WhatsApp's surveillance software. "I don't see any legitimate good use of these applications. He adds.

Caught up in the popular fervor that res koreans of Facebook for its new terms of use, the messaging service wanted to clarify some details in a statement made by its spokesperson: "WhatsApp provides privacy control tools to users to protect their profile picture, their "about" status and the "seen to" option for messages received. We maintain automated abuse control systems that identify and prevent abuse of applications that attempt to detect whatsApp users' information, and we are constantly working to improve our systems over time. We also ask app stores to remove apps that abuse our brand and violate our terms of use. ».

Yet it was recently discovered, an application that allows iPhones to have access to the content of exchanges on WhatsApp. This kind of application to make it more and more on the official blinds of application. These include the AppStore or the PlayStore. This is of course likely to worry and raise questions about the analyses that Google or Apple perform at the level of their blinds. At this time, neither company has commented on this situation. But it can be remembered that their policy and normally contrary to the proliferation of this kind of spyware. Don't they promise to protect against all this.

Now access an unlimited number of passwords:

Check out our hacking software

WhatsApp: the scam you need to know about

In common practice, cyber criminals are always looking for ways to scam users of digital services.

For this they do not skimp on the means and on the strategies. Their favorite field of action and social networks, especially those networks that get the most users. And that's what we're going to talk about in this article. The social network concerned here is the famous WhatsApp messaging. The scam in question has already been in vogue for a few weeks. Almost everyone talks about it. In any case, this will not be the first time or the last time whatsApp is involved in this kind of large-scale scam.

This article will also interest you: Using a WhatsApp group to expand cybercrime activities

Lately, users of the social network have noticed that questions are being asked in a message he was receiving. They were required to have six-digit verification codes. The message read: "Hello, sorry, I sent you a 6-digit code by SMS by mistake, can you pass it on to me? it is urgent." For a standard user, you probably don't pay attention to this kind of request. It is true that since the sender is not necessarily known to you you would not trust him, however, you will not really pay attention to it. However, cyber criminals have thought of everything. They will go through someone you know very well, another user you registered as a contact. It will simply impersonate the individual to make his practice credible. At this precise moment the goal of here criminals and steal your WhatsApp account. Indeed, the WhatsApp account is a significant asset for the cybercriminal.

For some people, the point of this manoeuvre would be to steal information of financial importance. This may be bank data or login credentials to hack into other devices. Unfortunately on social networks, this kind of practice works very and easily. And there are strong chances it works easily.

Practically here's what hackers do. They first install the WhatsApp app on their smartphone. Then they enter the target's number and do so when we log in or create a WhatsApp account. Then they send a message with a code for identity verification. By contacting one of your correspondences, he asks you to send them the code they would have sent you by mistake. The person whose identity is being used is surely someone whose WhatsApp account has already been stolen. If, unfortunately, you actually send them the code you receive by message, then you will lose how like your contact, control of your account, as well as all the data that is affiliated with it, i.e. your contacts and see the stored messages. For this reason, it is recommended to ignore messages received in this way.

Clearly, avoid sharing the codes you have by message without you having previously taken any action, tending to this. Especially when such a technique can pass very easily without it arouses suspicion. Especially with people who aren't really familiar with how WhatsApp codes work.

Therefore, the first rule when you are written even if it is an acquaintance, never transfer a code that you received by message. This can take the form of several types of malicious practices. Simply ask the person to resume their operation to get their code back.

Now access an unlimited number of passwords:

Check out our hacking software

Using a WhatsApp group to expand cybercrime activities

One can be convinced of one thing today, cybercrime has become very covering.

Our habits are imbued with it without us even realizing it. Every day computer systems around the world are attacked. In Africa, Senegal is the 5th country to suffer the most computer attacks. It is also 71st in the world, as revealed on Friday in the capital of the African state, Adjeoua Haikreo, by the director of 4ITSEC-AFRICA.

This article will also interest you: A website specifically dedicated to the Security bug of WhatsApp

The main targets of cybercriminals today are small and medium-sized enterprises and small and medium-sized industries, Haikreo says. He points out that the tactics most used by cyber criminals in this context and the use of e-mails that may come from outside the borders of the state or even from Africa. Moreover the groups of the most famous messaging, WhatsApp is much used in this strategy of cybermalveillance.

It is in this context that Mr Haikreo, the professor-researcher at the Cheikh Anta Diop University in Dakar, asks for the need to closely monitor the SME and the PMI, so that he can take more ownership of the various practices and policies related to computer security in Senegal.

The specialist even spoke at the "Cyber October" launch on the issue. It should also be noted that "October Cyber" and a global event aimed at raising awareness and organizing measures on computer security, user and business protection. Our expert took the opportunity to call on the various actors to comply with the state's cybersecurity policy. To be quite diligent in the application of certain measures and policy in this area. Indeed it should be noted that Senegal has set up the PSSI-ES for Information Systems Security Plan. A policy that aims to best combat cybercrime and prevent computer attacks. According to a local media outlet, Mr. Haikreo mitigates to invite private companies in particular SMEs and PMIs: "who often do not have a Security System and Information System (DSSI) directorate", to have in their workforce, a person specifically responsible for computer security, in other words an RSSI (information system security manager) as it is said in the jargon. "Because that's how we can better understand the phenomenon."

It also recommends that the company conduct regular audits of their computer system and security protocol. This type of procedure will allow them to easily take stock of the effectiveness of their protections in real time. This will allow them to know what needs to be improved. In the event of an intrusion, companies will now know how to prevent this from happening again and, above all, "know what has been done and where it comes from," Haikreo says. He did not fail to point out that any type of computer-related incident that may have any connection to cybercrime should be reported.

This will allow the authorities to initiate the necessary procedures to ensure that certain events do not happen again. "We would have to be able to identify all these attacks so that our SMEs and our authorities do not fall into these traps," says the expert. He took this opportunity to congratulate the Senegalese government on all efforts in the area of cybercrime. However, it is raining for the creation of an evaluation monitoring commission for the effective implementation and compliance of the Information Systems Security Plan. "They say security is moving very fast. We, too, need to move a little faster than that. But without rushing, if we want to achieve the goals we have set ourselves," stresses Adjeoua Haikreo. In addition, he advocates the creation of another cybersecurity agency, whose function will be the best deposit of the National Cyber Security Commission in the management of cyberattacks. Especially those from the Internet. An initiative to consider under the circumstances.

Now access an unlimited number of passwords:

Check out our hacking software