[Latest News][6]

android
articles
blogger
cpa-marketing
earn

Hack WhatsApp account just with answering call





Perhaps I will regret writing this article but in reality I do it with a specific purpose. I do not want to teach you to violate a Whatsapp account but I would like to make all of you aware of a conscious use of the internet, specifically safeguarding your privacy and making you more aware of the risks you run simply by being connected to the network. At the same time I would like to send an alarm message to the telcos that manage these services.
Without due premises, we come to what is written in the title of the post: below I will describe in brief how you can take possession of a WhatsApp account using the answering machines of our mobile operators.
As you may not know or maybe some of you know, on our phones or better on the sim, it is enabled by the operators a secretarial service telephone that records messages of the caller, if a phone is not taken or the user is unreachable.
Very useful service if not that, just the answering machine, is the weak point that allows an attacker to violate the victim's WhatsApp account  .


WhatsApp provides 2 options to recover your account.
And I'm:
-Send / Resend SMS
-Call me  . 

We know the vulnerabilities of the SMS option, I talked about this article .Let's focus on the second option, " Call me ".
To have the second option available, it is necessary to wait 1 minute. This is because WhatsApp automatically checks the arrival of the SMS on the phone. If at the end of the time it will not be able to intercept the SMS it will enable the second option.

Once tapped on Call me Whatsapp will call the victim's number, but if the victim by chance does not answer the call, for example because he is sleeping or is traveling by plane :)  will activate the answering machine .

The answering machine will take the call for you and record the code that WhatsApp will have sent to make the identification.
Now what we have to do is listen to the message on the answering machine. To perform this last step it is necessary to know the victim's telephone operator and hope that this has the secretariat enabled.
Ps. I thank my friend b1rd4ck for being available for testing. 

(In) Security of mobile operators

I made a brief tour online selecting the most well-known telco and the result that emerged is worrying: all use  unsafe systems for access to the answering machine or bypassed by techniques known for some time . In addition, some operators  enable the voicemail on all their Sims by default .
Let's see them one by one:

Tim

Number of the answering machine to call 41919 if you are abroad, you must dial the same number with the prefix number 36 and enter # following the connection.
The personal code to access the voicemail is made up of 8 digits and to set it, call 40920 from your mobile phone. Otherwise, send a text message with the text "ST" (space) "8-digit number".
Through the " Caller ID Spoofing " you can call 41919 and access the secretariat and listen to all the messages of the victim.
Vulnerable also to  SMS ID Spoofing , it is possible to send a sms with falsified sender and identical to the victim's number by activating and / or modifying the 8-digit code arbitrarily.
Tip : to completely deactivate the Telephone Answering Machine, just type in the phone keypad  ## 002 # ENTER. 

Vodafone

If you had to commit a minimum with Tim, Vodafone provides a predefined code to make the first access. Also in this case, if the victim does not know these particular instructions (most of them), it is always possible to spoof the sender's number to access the secretariat by calling the number 42020 and using the code 123456. 

Wind

To listen to Wind's answering machine, you can call 4200 from the same phone, instead of other phones use the number 3232054200.
Kindly Wind reminds you that:
Remember that if you listen to your Answering Machine from another phone or from abroad, you will be asked for the access code. The standard code is 2121 or 1111 if your subscription or your rechargeable has been activated after June 14, 2004 . The access code guarantees the confidentiality of your messages and protects them from unwanted listening, so we suggest you modify it and store it.
We are in a situation where it is not necessary to use any type of technique, just call the office and enter the required codes. If the victim has been scrupulous and has replaced the code, just reapply the calling id's spoofing technique.
It is strongly recommended that you change your code or deactivate the answering machine by dialing this code: ## 62 # enter

Three Italy

To access the answering machine of 3 you must contact the number 4133 from your phone. While from abroad and from other fixed numbers dialing the number +39 393 393 4133. If you call from other numbers you must authenticate and to do so you must have the PIN available (which corresponds to the original PIN code of your Sim on activation and which also allows you to access the Webmail service) followed by the # key.
Also in this case, calling the victim number to the secretariat can be accessed without using the Pin bypassing the authentication system.
To disable any call transfer (also to the answering machine) just enter, directly from your phone, the string ## 002 # and give Enter

Conclusion

As we have seen, operators overlook the security of these services and do not think about a possible violation of the voicemail boxes. On the other hand, many users do not know they have this service active and this factor becomes essential for an attacker who wants to take possession of your Whatsapp account. So we just have to turn off the answering machine until they have fixed things.
It seems clear that there is nothing interesting in violating someone's Whatsapp account except for some silly jokes. Also because you will end up with no message to read and some more legal problems.
The important thing is that in all this there is your privacy. If you still care about what you keep online, on your phone or the messages left in your voicemail, then turn it off and you'll live a little more serene.
At the moment.
To avoid that you try to make unauthorized access to the secretariats of your acquaintances, I avoid to deepen the discussion on the mentioned Spoofing techniques. I would also ask you not to write to me privately about how you can do it. The unauthorized access to the secretariats of other people can be considered acrime so I strongly advise against trying. What is just written is only to raise awareness of a more informed use of the Internet how this system works and therefore, how to stay away from these security problems.

Admin

when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries.

No comments:

Post a Comment

Start typing and press Enter to search