According to the information provided by the Israel’s cyber-security agency, a warning has been issued to all the Whatsapp users that hackers can easily hack their accounts with a trick that gives unauthorized WhatsApp access to a hijacker. Voicemail accounts are pin-protected, but in most cases, people do not change their default pin (either 0000 or 1234), giving hackers a window to attack.
The hackers, as the agency warned, are gaining WhatsApp access by using voicemail accounts of the targeted users.
They can remotely access the voicemail at night (or when the real-user is away) and can ultimately hack WhatsApp.
Logging into WhatsApp (on a new device) requires phone number verification, where the service sends a security code to the number.
Normally, this should warn the real user of a potential attack, but if they’re asleep or away, the code won’t raise any alarms.
Following some text alerts, the service delivers the code via call, which, if not answered, would go straight to voicemail.
Once the call lands in voicemail, the hacker can easily get the verification code and follow the next steps to login into WhatsApp on their device.
Next, as you imagine, they can not just read your messages or download already sent media, but can also enable two-step verification to make sure you cannot get back to your WhatsApp account.
The best way out, as the agency warning noted, is to change the PIN for voicemail accounts, immediately.
Not to mention, users should make sure that two-step verification is already enabled on their WhatsApp account.
This way, WhatsApp would seek a 6-digit PIN on every new login, keeping potential hackers at bay.