Israel Sends Nation-Wide Security Alert Following Reports About Hijacked WhatsApp Accounts

A wave of reports about hijacked WhatsApp accounts in Israel has forced the government’s cyber-security agency to send out a nation-wide security alert on Tuesday, ZDNet has learned. From a report: The alert, authored by the Israel National Cyber Security Authority, warns about a relatively new method of hijacking WhatsApp accounts using mobile providers’ voicemail systems. This new hacking method was first documented last year by Ran Bar-Zik, an Israeli web developer at Oath. The general idea is that users who have voicemail accounts for their phone numbers are at risk if they don’t change that account’s default password, which in most cases tends to be either 0000 or 1234. The possibility of an account takeover happens when an attacker tries to add a legitimate user’s phone number to a new WhatsApp app installation on his own phone. Following normal security procedures, the WhatsApp service would then send a one-time code via SMS to that phone number. This would typically alert a user to an ongoing attack, but Bar-Zik argues that a hacker could easily avoid this by carrying out the attack during nighttime or when he is sure the user is away from his phone.