WhatsApp users are being targeted by a scam attacking weakly secured voicemail boxes.
According to Naked Security, a blog run by British Security Company Sophos, all a hacker needs is the victim's phone numbers.
The attack was first picked up last year - but in the past week, the attack has gone mainstream.
- WhatsApp founder Jan Koum to quit Facebook
- Revealed: Govt releases emails, WhatsApp messages on Derek Handley
- A fake WhatsApp app might be spying on you
By capitalising on users not changing the default voicemail passwords on the app, the attacker can register the victim's phone number on their own phones.
When WhatsApp gets this request to register the victim's phone number, it sends a message to the victim's phone, alerting them to the request of who owns the number, or a voicemail.
The hackers have avoided victims answering by attacking when they are asleep, on a flight or when their phones are on 'do not disturb' mode.
They then take advantage of the security flaw, which means many customers are given a generic phone number to call to retrieve voicemails.
If users haven't changed their four-digit voicemail pin, then it will be something common like 1234.
The hackers simply enter the password and have access to the inbox, allowing them to retrieve the six-digit pre-recorded WhatsApp message.
Entering the code into their own advice, they now have complete access.
In Israel, the National Cybersecruity Authority has issued a nationwide warning that they could lose their account.
Authorities are reminding people to change their voicemail passwords to something that combines numbers symbols and upper and lowercase letters.
Newshub.
