10 Ways Your WhatsApp Messages Can Be Hacked

Trending 1 week ago

WhatsApp offers galore information features for illustration end-to-end encryption, for example, that effort to support your messages private. However, arsenic bully arsenic these information measures are, WhatsApp still isn't immune to hacks, which tin extremity up compromising nan privateness of your messages and contacts.

Don't return our connection for it: conscionable spell and spot really galore "How to hack WhatsApp" guides you'll find connected nan internet.

As knowing is half nan battle, if we are simply alert of vulnerabilities, we tin past return actual steps to debar comprising ourselves. To that end, present are nan apical ways done which WhatsApp tin beryllium hacked, which you should beryllium wary of.

1. Remote Code Execution via GIF

In October 2019, security interrogator Awakened revealed a vulnerability successful WhatsApp that fto hackers return power of nan app utilizing a GIF image. The hack useful by taking advantage of nan measurement WhatsApp processes images erstwhile nan personification opens nan Gallery position to nonstop a media file.

When this happens, nan app parses nan GIF to show a preview of nan file. GIF files are typical because they person aggregate encoded frames. This intends that codification tin beryllium hidden wrong nan image.

If a hacker were to nonstop a malicious GIF to a user, they could discuss nan user's full chat history. The hackers would beryllium capable to spot who nan personification had been messaging and what they had been saying. They could besides spot users' files, photos, and videos sent done WhatsApp.

The vulnerability affected versions of WhatsApp up to 2.19.230 connected Android 8.1 and 9. Fortunately, Awakened disclosed nan vulnerability responsibly, and past WhatsApp patched nan issue. So, to debar getting your WhatsApp hacked done specified loopholes, make judge you get your WhatsApp updated regularly.

2. The Pegasus Voice Call Attack

Man Making Phone Call connected Smartphone

Another WhatsApp vulnerability discovered successful early 2019 was nan Pegasus sound telephone malware hack.

This scary onslaught allowed hackers to entree a instrumentality simply by placing a WhatsApp sound telephone to their target. Even if nan target didn't reply nan call, nan onslaught could still beryllium effective. The target whitethorn not moreover beryllium alert that malware has been installed connected their device.

The hack worked done a method known arsenic buffer overflow. This is wherever an onslaught deliberately puts truthful overmuch codification into a mini buffer that it "overflows" and writes codification into a location it shouldn't beryllium capable to access. Naturally, erstwhile nan hacker tin tally codification successful a location that should beryllium secure, they tin return further malicious steps.

After nan first step, nan attacker past installed an older and well-known portion of spyware called Pegasus that lets hackers cod information connected telephone calls, messages, photos, and videos. In fact, nan spyware moreover lets them activate devices' cameras and microphones to return recordings.

This vulnerability is applicable connected Android, iOS, Windows 10 Mobile, and Tizen devices. It was utilized by nan Israeli firm, NSO Group, for example, which has been accused of spying connected Amnesty International unit and different quality authorities activists. After news of nan hack collapsed out, WhatsApp information squad updated nan app to protect it from this attack.

If you are moving WhatsApp type 2.19.134 aliases earlier connected Android aliases type 2.19.51 aliases earlier connected iOS, past make judge you person updated your app.

Look up immoderate WhatsApp hacking guide, and you'd beryllium hard-pressed to not brushwood social engineering attacks, which utilization quality psychology to bargain information aliases dispersed misinformation.

Security firm, Check Point Research, revealed 1 specified illustration of this attack, which they named FakesApp. In a manner akin to different social-engineering scams, this onslaught worked by letting nan hackers misuse nan quote characteristic successful a group chat and past change nan matter of different person's reply. Essentially, hackers could works clone statements that look to beryllium from different morganatic users.

The researchers could do this by decrypting WhatsApp communications. This allowed them to spot information sent betwixt nan mobile and nan web versions of WhatsApp. From here, they could alteration values successful group chats.

Then they could impersonate existent people, sending messages that appeared to beryllium from them. They could besides alteration nan matter of replies. Naturally, this could beryllium utilized successful worrying ways to dispersed scams aliases clone news.

Even though nan vulnerability was disclosed successful 2018, it had still not been patched by nan clip nan researchers said astatine nan Black Hat convention successful Las Vegas successful 2019, according to ZNet. It, therefore, becomes captious that you learn really to admit WhatsApp scams and support reminding yourself of these reddish flags periodically.

Media record jacking affects some WhatsApp and Telegram. This onslaught takes advantage of nan measurement apps person media files for illustration photos aliases videos and constitute those files to a device's outer storage.

The onslaught starts by installing malware hidden wrong an apparently harmless app. This counterfeit app tin past show each incoming files connected Telegram aliases WhatsApp. And erstwhile a caller record comes in, nan malware whitethorn easy switch retired nan existent record for a clone one.

Symantec, nan institution that discovered nan rumor successful 2019, suggested it could beryllium utilized to scam group aliases to dispersed clone news. WhatsApp has since updated retired galore on-screen features and information definitions that make media jacking difficult.

That said, it's a bully thought to bring down nan consequence of media record jacking by turning disconnected nan characteristic that saves your media files into outer storage. To do that, caput to Settings > Chats and scroll down to nan Chat settings options. From location toggle disconnected nan Media visibility option, and you will beryllium set.

To enactment moreover much mindful of nan media files you download done your chats, you tin besides move disconnected nan auto-download characteristic connected WhatsApp. In fact, this is simply a bully believe if you want to debar media from chartless sources. Again, caput to Settings and click connected Storage and data. From nan Media auto-download section, you tin past disable auto-download for each media files for 3 different scenarios (Wi-Fi, Mobile data and Roaming).

5. Facebook Could Spy connected WhatsApp Chats

Man beside smartphone displaying Facebook icon

In an official blog post, WhatsApp asserted that because of its end-to-end encryption technology, it is intolerable for Facebook to publication WhatsApp content.

Developer Gregorio Zanon stated successful a Medium article that this is not strictly true. The truth that WhatsApp uses end-to-end encryption does not mean each messages are private. On an operating strategy for illustration iOS 8 and above, apps tin entree files successful a "shared container."

Both nan Facebook and WhatsApp apps usage nan aforesaid shared instrumentality connected devices. And while chats are encrypted erstwhile they are sent, they are not needfully encrypted connected nan originating device. This intends nan Facebook app could perchance transcript accusation from WhatsApp.

There is nary grounds that Facebook has utilized shared containers to position backstage WhatsApp messages. But nan imaginable is there. Even pinch end-to-end encryption, your messages whitethorn not beryllium backstage from nan all-capturing nett of Facebook.

You'd beryllium amazed really galore paid ineligible apps person sprung up successful nan market, which solely beryllium for hacking into unafraid systems. It's ace easy to transportation retired covert WhatsApp hacks done this method.

Apps for illustration Spyzie and mSPY tin easy hack into your WhatsApp relationship to bargain your backstage data. All you request to do is acquisition nan app, instal it, and activate it connected nan target phone. You tin past simply beryllium backmost and link to your app dashboard from nan web browser, and snoop successful connected backstage WhatsApp data.

Suffice it to opportunity that we powerfully counsel everyone to refrain from really utilizing these apps for malicious purposes.

7. Fake WhatsApp Clones

using whatsapp laptop

Using clone website clones to instal malware is an aged hacking strategy still implemented by cybercriminals each complete nan world. These clone sites are known arsenic malicious websites.

The illicit hacking maneuver has now besides been adopted for breaking into Android systems. To transportation retired a WhatsApp hack connected your account, an attacker will effort to instal a clone of WhatsApp, which mightiness look strikingly akin to nan original app.

To protect yourself from this WhatsApp hack connected your Android, therefore, it's important that you don't instal immoderate apps from untrustworthy sources.

8. WhatsApp's Web Version

whatsapp web location page

As useful arsenic WhatsApp's web type is, it tin beryllium easy utilized to hack into your WhatsApp chats. This threat peculiarly comes up erstwhile you're utilizing WhatsApp Web connected personification else's computer.

So, if you aliases nan proprietor of nan machine has selected nan keep maine signed in checkbox during login, past your WhatsApp relationship will enactment signed successful moreover aft you've closed nan browser. The machine proprietor tin past entree your accusation without overmuch difficulty.

using whatsapp web connected laptop smartphone

You tin debar this by making judge that you log retired from WhatsApp Web earlier you leave, arsenic good arsenic un-checking nan imperishable sign-in checkbox.

But arsenic they say, prevention is amended than cure. Your champion attack to debar immoderate unlawful relationship takeovers will beryllium to debar utilizing thing different than your individual machine for nan web type of WhatsApp altogether.

9. Exporting Your Chats

This isn't nan accepted method you'd find successful nan "how to hack someone's WhatsApp" guides. This 1 simply requires beingness entree to your smartphone.

And no, nan hacker doesn't request a batch of clip pinch your phone, either; conscionable a fewer seconds is enough. This gives them capable clip to export your messages to a location they tin later access. It could beryllium anything: an email account, unreality storage, aliases moreover a messaging app.

Once a hacker has entree to your phone, each they person to do is move to a circumstantial chat, click connected nan Export chat option, and prime nan location they'd for illustration to move your connection history to.

The solution? The ironclad measurement to protect yourself is to support your telephone distant from unfamiliar hands astatine each times. Furthermore, you person nan action to alteration fingerprint fastener for your WhatsApp. Here's how:

  1. Head to Accounts > Privacy > Fingerprint lock.
  2. Toggle nan Unlock pinch fingerprint option on, and group nan fastener activation to Immediately.

Now, each clip your WhatsApp is picked up aft inactivity, your fingerprints will beryllium required to motorboat nan app.

10. Keyloggers


A keylogger is simply a package designed to grounds everything you type connected your machine aliases smartphone. As you tin astir apt guess, nan hacker tin usage this for a assortment of nefarious things, specified arsenic importing passwords, and basal accusation from documents aliases emails, etc. So if personification has managed to instal a keylogger connected your PC aliases smartphone, past it's safe to presume your WhatsApp messages—like each your different individual information—have been covertly compromised by a hacker.

While a detailed chat astir keyloggers is retired of nan scope of this article, you tin return immoderate measures to protect yourself. For example, refraining from giving distant your devices to people, utilizing well-known antivirus programs, and regularly updating your instrumentality package are notable ways to protect yourself from a keylogger and debar getting your WhatsApp messages hacked.

11. Call Forwarding Scams

A caller WhatsApp calling scam has wreaked havoc successful 2023, allowing hackers to discuss your WhatsApp account. The hack useful by nan hacker calling and convincing you to make a telephone to a number opening pinch a Man Machine Interface (MMI) code, i.e., nan numbers that statesman pinch hash aliases star code. Usually, a 10-digit number besides follows this code. For example, it will beryllium a number for illustration **67*<10 digit number> aliases *405*<10 digit number>.

As soon arsenic you dial up nan number, your phone's telephone forwarding characteristic will beryllium activated and each your calls will beryllium sent to nan attacker. It's a reasonably elemental occupation for nan hacker from here. All they person to do is re-register your relationship connected WhatsApp done a telephone telephone (instead of an OTP). It's a terrible information interest for WhatsApp.

So, make judge you don't return up calls aliases execute immoderate actions connected calls from strangers who could possibly beryllium an online hacker. We besides propose you enable two-factor authentication and tighten up nan information a small more. Above all, however, make judge you enactment updated connected nan latest cyber-security trends and updates.

Stay Aware of Security Issues connected WhatsApp

These are conscionable a fewer examples of really your WhatsApp tin beryllium hacked. While WhatsApp has patched immoderate of these issues since their disclosure, immoderate anemic spots persist, truthful it's important to enactment vigilant. To study much astir whether WhatsApp is safe, you request to brushwood up your knowledge of WhatsApp information threats.

Source Tutorials