Slashdot Mirror


Israel Sends Nation-Wide Security Alert Following Reports About Hijacked WhatsApp Accounts (zdnet.com)

A wave of reports about hijacked WhatsApp accounts in Israel has forced the government's cyber-security agency to send out a nation-wide security alert on Tuesday, ZDNet has learned. From a report: The alert, authored by the Israel National Cyber Security Authority, warns about a relatively new method of hijacking WhatsApp accounts using mobile providers' voicemail systems. This new hacking method was first documented last year by Ran Bar-Zik, an Israeli web developer at Oath. The general idea is that users who have voicemail accounts for their phone numbers are at risk if they don't change that account's default password, which in most cases tends to be either 0000 or 1234. The possibility of an account takeover happens when an attacker tries to add a legitimate user's phone number to a new WhatsApp app installation on his own phone. Following normal security procedures, the WhatsApp service would then send a one-time code via SMS to that phone number. This would typically alert a user to an ongoing attack, but Bar-Zik argues that a hacker could easily avoid this by carrying out the attack during nighttime or when he is sure the user is away from his phone.

25 comments

  1. Default passwords by syn3rg · · Score: 1

    strike again...

    --
    The contents of this message have been doubly encrypted by ROT13
    1. Re:Default passwords by Anonymous Coward · · Score: 0

      That's the same combination I use on my luggage!

    2. Re:Default passwords by Anonymous Coward · · Score: 0

      Yes, but the point is that the users did not have a default password on their important WhatsApp account - rather, they had a default password on the "voice mail" feature that their cellphone provider has and they haven't used in a decade, and couldn't care less if anyone broke into it. Or at least they *thought* they couldn't care less. Because it now turns out that WhatsApp (and possibly other services) may leave an important message there which can let a listener take over your account.

  2. Comment by Anonymous Coward · · Score: 0

    I got that too! It read, "THIS IS A TEST of the National Wireless Emergency Alert System. No action is needed."

  3. Text envy by XXongo · · Score: 1

    Looks like they heard that the U.S. was doing an emergency broadcast text to everybody in the country, and decided that they wanted to do one, too.

  4. This is fake by lucasnate1 · · Score: 2

    I am Israeli and got no such message.

    1. Re:This is fake by Anonymous Coward · · Score: 1

      You got the message, but I deleted it before you read it. Sorry.

    2. Re:This is fake by Gravis+Zero · · Score: 1

      I am Israeli and got no such message.

      Here's the important part: are you currently located in Israel? ;)

      --
      Anons need not reply. Questions end with a question mark.
    3. Re:This is fake by Anonymous Coward · · Score: 0

      I am a sitting U.S. president, and I never got the presidential alert. It's fake news. Bigly fake.

      captcha: archfool

    4. Re: This is fake by lucasnate1 · · Score: 2

      Yes

  5. Oy vey! by Anonymous Coward · · Score: 0

    Dis hack is like anudda shoah!

    1. Re:Oy vey! by Anonymous Coward · · Score: 0

      anudda shoah!

      When one of your core abilities is the absolute control of global news and information dissemination, it could very well be.

  6. creimer is fat and a gay! Everybody say yay! by Anonymous Coward · · Score: 0

    creimer’s dick is so small that a toddler looks like Mandingo in comparison.

    Maybe we should start a GoFundMe to crowdfund penis enlargement surgery for creimer?

    1. Re:creimer is fat and a gay! Everybody say yay! by CaptainDork · · Score: 1

      Is creimer orange?

      --
      It little behooves the best of us to comment on the rest of us.
  7. 12345? by Anonymous Coward · · Score: 0

    That's amazing! I have the same combination on my luggage!

  8. What is the point of WhatApp anyway? by ctilsie242 · · Score: 2

    I've wondered about something like a UL listing, done by a non-partisan group, but would review offerings (be it apps or hardware devices) on the security they provided. This would be at different levels, similar to Europe's Sold Secure bronze/silver/gold ratings. This way, one could tell a service that offered end to end encryption and proper, auditable procedure versus a company that has security as an afterthought at best.

    I don't get the point of WhatsApp. If I want solid security, there is Signal and Telegram, both have good ratings. If I need a "corporate" messaging app, there is Slack and Skype for Business. Even Facebook Messenger can do end to end encryption with its "secret" functionality, which uses Signal's protocol. Why do I need an insecure messaging app when there is so much better out there?

    1. Re:What is the point of WhatApp anyway? by fph+il+quozientatore · · Score: 1

      Because I can't convince all the normies around me to abandon it and switch to Signal.

      --
      My first program:

      Hell Segmentation fault

    2. Re:What is the point of WhatApp anyway? by stephanruby · · Score: 1

      Why do I need an insecure messaging app when there is so much better out there?

      Because that would require you to convince all your relatives and friends to switch to a more secure app, which is easier said than done.

    3. Re:What is the point of WhatApp anyway? by Anonymous Coward · · Score: 0

      Easier Said than Done?

      Umm.... Geocities... AIM...

      What are you talking about...

      People change systems all the time. Systems crash and fail all the time.

      AOL used to be THE DEFAULT for getting to someone. Then... Poof, gone.

      Captcha: mutable

    4. Re: What is the point of WhatApp anyway? by Anonymous Coward · · Score: 0

      There is no need of insurance for software companies because they have no financial risks from shipping software or providing an information service.

      There's no UL for software because there's no insurers.

  9. Are the US&Israel's wars imminent? by Anonymous Coward · · Score: 0

    Are you alerting to YHVH?!!!

    Yes or Not? Take a decision!

  10. Nation wide alerts? by Anonymous Coward · · Score: 0

    Great idea. We should get something like that.
    *ducks*

    1. Re:Nation wide alerts? by Anonymous Coward · · Score: 0

      They probably posted the alert on their RSS-feed and website, accessible nationwide through the magic of Internet.