Hacker finds another WhatsApp Vulnerability

It seems that WhatsApp is full of vulnerabilities. In May last year, it was revealed that WhatsApp accounts could be hijacked without the user knowing it. In January this year, we learned that the status of a WhatsApp user could be changed remotely. It was found in May 2011 that WhatsApp sends communication in plaintext, and this was fixed a year later, in May this year. It hasn’t been long since these vulnerabilities were fixed, and now there is a new vulnerability for both WhatsApp and its users to worry about.

According to the Wikipedia page for WhatsApp,

WhatsApp uses a customized version of the open standard Extensible Messaging and Presence Protocol (XMPP). Upon installation, it creates a user account using one’s phone number as username (Jabber ID: [phone number]@s.whatsapp.net) and an MD5-hashed, reversed-version of the phone’s IMEI as password.

And really, WhatsApp uses exactly the procedure described above, without any variation. There is neither salting of the hash nor an obfuscated MD5 variant. For example, on the Android platform you can find any WhatsApp password from the IMEI number with the single line of code given below:

md5(strrev('your-imei-goes-here'))

Finding the username is even simpler. Your phone number is your username!
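The weakness described above is that the password is a pure function of a device identifier, so it cannot be rotated and is known to anyone who knows the IMEI. As an added example (not from the original article or from WhatsApp's code), the Python below places that derivation beside a server-issued random secret; `TokenStore`, its methods and the sample IMEI and phone number are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def legacy_password(imei: str) -> str:
    """Scheme the article describes: unsalted MD5 of the reversed IMEI."""
    return hashlib.md5(imei[::-1].encode("ascii")).hexdigest()


class TokenStore:
    """Hypothetical server-side store: one random secret per registration."""

    def __init__(self):
        self._digests = {}  # phone number -> SHA-256 digest of the current token

    def register(self, phone: str) -> str:
        # Assumption: called only after the phone number was verified (e.g. SMS code).
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # The token is already high-entropy, so a plain SHA-256 is enough at rest.
        self._digests[phone] = hashlib.sha256(token.encode()).digest()
        return token  # kept by the client; never derived from device data

    def verify(self, phone: str, presented: str) -> bool:
        expected = self._digests.get(phone)
        if expected is None:
            return False
        got = hashlib.sha256(presented.encode()).digest()
        return hmac.compare_digest(expected, got)  # constant-time comparison


# Constructed sample values, not real identifiers.
SAMPLE_IMEI = "123456789012345"
SAMPLE_PHONE = "15555550100"


def demo() -> dict:
    store = TokenStore()
    first = store.register(SAMPLE_PHONE)
    second = store.register(SAMPLE_PHONE)  # re-registration rotates the secret
    derived = legacy_password(SAMPLE_IMEI)
    return {
        "legacy_is_deterministic": derived == legacy_password(SAMPLE_IMEI),
        "tokens_differ": first != second,
        "old_token_rejected": not store.verify(SAMPLE_PHONE, first),
        "new_token_accepted": store.verify(SAMPLE_PHONE, second),
        "imei_derived_rejected": not store.verify(SAMPLE_PHONE, derived),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```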

There are multiple ways through which one can find someone’s IMEI number:

  1. Through direct access to the victim’s phone. Just dial & call *#06# (in most cases) and you’ll get the IMEI number.
  2. An app that silently sends the victim’s IMEI number and phone number to a server in the background (many applications do this already). The phone number is obtained either by letting users fill it in themselves in a registration part of the app, or also silently (this method, however, isn’t always airtight but works in a lot of cases).
  3. A hacker leaks a database/file with IMEI numbers with associated phone numbers.
  4. A spammer buys this information from an app developer.

SAMPLE ANDROID CODE:

To retrieve IMEI number:

TelephonyManager tm = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);

String device_id = tm.getDeviceId();

To retrieve phone number:

TelephonyManager tMgr = (TelephonyManager) mAppContext.getSystemService(Context.TELEPHONY_SERVICE);

mPhoneNumber = tMgr.getLine1Number();

To retrieve voicemail number (just for fun):

TelephonyManager.getCompleteVoiceMailNumber();

By implementing this code you can tap anybody’s WhatsApp messages. You can hack anybody’s WhatsApp account with just their IMEI numbers.

This vulnerability can leak users’ sensitive data and messages. It may already be happening to other users, or maybe to you!

So next time, think twice before sending any sensitive information or receiving any message over WhatsApp, because you never know where it is going or where it is coming from. There may be a hacker on the other end. WhatsApp is far from secure right now.

Source: SamGranger.com

72 Comments

  1. I tried to log in using jabber with username as "my10digitphonenumber@s.whatsapp.net" and password as "md5(strrev(myIMEInumber))", tried even adding country code.. still not working.

  2. I need your help to understand, where should I log in? Or what is the procedure to use the user name and password? Or from where should I use the following login procedure, is it available in the WhatsApp application..

  3. Thanks, I’ve just been searching for info approximately this subject for a while and yours is the best I’ve discovered till now. But, what concerning the bottom line? Are you certain about the source?

  4. My phone got stolen. It has WhatsApp. Can I get the IMEI no. of my stolen mobile using the number on which my WhatsApp is running on the stolen mobile?
