- Jun 1, 2022
- 0
There’s a trick that allows attackers to hijack a victim’s WhatsApp account and gain access to personal messages and contact list.
The method relies on the mobile carriers’ automated service to forward calls to a different phone number, and WhatsApp’s option to send a one-time password (OTP) verification code via voice call.
It takes just a few minutes for the attacker to take over the WhatsApp account of a victim, but they need to know the target’s phone number and be prepared do some social engineering.
The attacker relies on social engineering and convinces the person to make a call to number containing a MMI code (*xx#), this in turn activates the call-forwarding on your number, and allows the attacker to recieve a whatsapp OTP via voice call, which in turn leads to the account takeover.