Bhubaneswar: Can your WhatApp account be hacked? The answer is ‘yes’.
The WhatsApp account of Odisha Computer Application Centre (OCAC) CEO Manoj Pattnaik has reportedly been hacked and his acquaintances defrauded Rs 7 lakh. Pattnaik is also serving as Additional Secretary of the State Electronics and Information Technology (E&IT) Department.
Well, to our point…
Some time back, Forbes carried an article in which security researchers Luis Márquez Carpintero and Ernesto Canales Pereña demonstrated how easily hackers can take control of your WhatApp account.
Following are the main points of that report:
* When you install WhatsApp on your phone, you type your number, then the platform sends you an SMS code to verify the account. Your WhatsApp is now active.
* Unfortunately, anyone can install WhatsApp on a phone and enter your number on the verification screen. You receive codes but you haven’t requested them.
* An attacker can be doing this. They request repeated codes and enter incorrect guesses in their app.
* WhatsApp blocks code entries on the app after a certain number of attempts telling the attacker to “try again in 12 hours.”
* Now, if you delete WhatsApp in this 12-hour period, no new code will be sent to you also even if you reinstall the app and request for a code.
* Attacker now registers a new email address and sends an email to support@whatsapp.com to deactivate your number.
* Your account will now be deactivated by an automated process.
* WhatsApp says this might be because you registered it on another phone.
* Even the two-factor authentication will not be able to protect your account.
* The researchers indicate that WhatsApp gets confused after the third 12-hour cycle.
The problem with WhatsApp verification architecture is that the SMS codes and the automated email support doesn’t have any second layer to check for authenticity and is very much open for abuse, it says.
WhatsApp simply links to a phone number and doesn’t have a trusted device policy that links it to a device ID or the operating system it was last installed and verified on.
Useful tips
* The most apparent signs of another person using your account lies in your messages — messages you didn’t send to messages from unknown people.
* Hijacker will start changing your contact information. Verify contacts for faces you don’t recognize.
* Verify your profile information for new/changed information.
* WhatsApp Web: you can see the last session or any open session if you select it from the three-dot settings menu to find out if anyone is using your account.
Also Read: WhatsApp Account Of Top Odisha IT Official ‘Hacked’ After Unknown Call