Warning: mt_rand(): max(-1) is smaller than min(0) in /home4/imshash/public_html/dailyjag.com/wp-content/plugins/better-backgrounds/better-backgrounds.php on line 377

Warning: Cannot modify header information - headers already sent by (output started at /home4/imshash/public_html/dailyjag.com/wp-content/plugins/better-backgrounds/better-backgrounds.php:377) in /home4/imshash/public_html/dailyjag.com/wp-content/plugins/wp-greet-box/includes/wp-greet-box.class.php on line 493
Another WhatsApp Vulnerability Leaked: IMEI Number As Password - Dailyjag
Published On: Tue, Sep 11th, 2012

Hacker finds another WhatsApp Vulnerability

WhatsApp

It seems that WhatsApp is full of vulnerabilities. Last year in May, it was revealed to the world that WhatsApp accounts could be hijacked without the user knowing it. This year in January, we came to know that the status of a WhatsApp user could be changed remotely. It was found in May 2011 that WhatsApp sends communication in plaintext and was fixed a year later in May this year. It hasn’t been a long time since these vulnerabilities were fixed. Now there’s a new vulnerability to make both WhatsApp and its users to worry about.

According to the Wikipedia page for WhatsApp,

WhatsApp uses a customized version of the open standard Extensible Messaging and Presence Protocol (XMPP).Upon installation, it creates a user account using one’s phone number as username (Jabber ID: [phone number]@s.whatsapp.net) and an MD5-hashed, reversed-version of the phone’s IMEI as password.

And really, WhatsApp uses exactly the same procedure mentioned above without any variation. Neither there is any salting of the hash nor obfuscated MD5 variant. For example, on Android platform you can find any WhatsApp password using IMEI number with a single line of code given below:

md5(strrev(‘your-imei-goes-here’))

Finding the username is even more simpler. Your phone number is your username!

There are multiple ways through which one can find someone’s IMEI number:

  1. Through direct access to the victims phone. Jost dial & call *#06# (in most cases) and you’ll get the IMEI number.
  2. An app that silently sends the victims IMEI number to a server in the background (many applications do this already) & phone number, either by letting users fill it in themselves in a registration part of the app, or also silently (this method however isn’t always airtight but works in a lot of cases).
  3. A hacker leaks a database/file with IMEI numbers with associated phone numbers.
  4. A spammer buys this information from an app developer.

SAMPLE ANDROID CODE:

To retrieve IMEI number:

TelephonyManager tm = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);

String device_id = tm.getDeviceId();

To retrieve  phone number:

TelephonyManager tMgr =(TelephonyManager)mAppContext.getSystemService(Context.TELEPHONY_SERVICE);

mPhoneNumber = tMgr.getLine1Number();

To retrieve voicemail number (just for fun):

TelephonyManager.getCompleteVoiceMailNumber();

By implementing this code you can tap anybody’s WhatsApp messages. You can hack anybody’s WhatsApp account with just their IMEI numbers.

This vulnerability can leak user’s sensitive data and messages. Or it is possible that it may already have been happening with users or maybe with you!

So next time think twice before sending any sensitive information or receiving any message over WhatsApp because you never know where is it going or from where is it coming. It may be possible that there may be  a hacker on the other end. WhatsApp is far from secure right now.

Source: SamGranger.com

About the Author

- A freak always looking for something new to learn and explore. Love to explore and learn new things. Always looking out for fun, thrill and excitement. Love being busy...



  1. Umangjeet Pahwa read this!

  2. Priyanka Pal says:

    Please help me in hacking of 1 GB free data usage in my number 8984736446.

  3. Anonymous says:

    I tried to login using jabber with username as "my10digitphonenumber@s.whatsapp.net" and password as "md5(strrev(myIMEInumber))" tried even addinf country code.. stil not working.

  4. Anonymous says:

    I tried to login using jabber with username as "my10digitphonenumber@s.whatsapp.net" and password as "md5(strrev(myIMEInumber))" tried even addinf country code.. stil not working.

  5. Ayah Dek Echa says:

    Anyone can help me, how to make whatsapp account with fake phone number?
    I don't want my chat friend know my real phone number.
    how to do that'?

    razali.adam@gmail.com

  6. Pragnav Patel says:

    I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..

  7. Pragnav Patel says:

    I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..

  8. Pragnav Patel says:

    I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..

  9. Pragnav Patel says:

    I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..

  10. Rafi Ullah says:

    I need help how can I make username and password in wharssap.

  11. Rafi Ullah says:

    I need help how can I make username and password in wharssap.

  12. Thanks , I’ve just been searching for info approximately this subject for a while and yours is the best I’ve discovered till
    now. But, what concerning the bottom line? Are you certain about the source?

  13. Bin Yoosuf says:

    My phone got stolen.it has whatsapp.can i get imei no of my stolen mobile using the number on which my whatsapp is running on the stolen mobile

  14. Bin Yoosuf says:

    My phone got stolen.it has whatsapp.can i get imei no of my stolen mobile using the number on which my whatsapp is running on the stolen mobile

Leave a comment

XHTML: You can use these html tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Related News:



Recommended Posts