Hacker finds another WhatsApp Vulnerability
It seems that WhatsApp is full of vulnerabilities. Last year in May, it was revealed to the world that WhatsApp accounts could be hijacked without the user knowing it. This year in January, we came to know that the status of a WhatsApp user could be changed remotely. It was found in May 2011 that WhatsApp sends communication in plaintext and was fixed a year later in May this year. It hasn’t been a long time since these vulnerabilities were fixed. Now there’s a new vulnerability to make both WhatsApp and its users to worry about.
According to the Wikipedia page for WhatsApp,
WhatsApp uses a customized version of the open standard Extensible Messaging and Presence Protocol (XMPP).Upon installation, it creates a user account using one’s phone number as username (Jabber ID:Â
[phone number]@s.whatsapp.net
) and an MD5-hashed, reversed-version of the phone’s IMEI as password.
And really, WhatsApp uses exactly the same procedure mentioned above without any variation. Neither there is any salting of the hash nor obfuscated MD5 variant. For example, on Android platform you can find any WhatsApp password using IMEI number with a single line of code given below:
md5(strrev(‘your-imei-goes-here’))
Finding the username is even more simpler. Your phone number is your username!
There are multiple ways through which one can find someone’s IMEI number:
- Through direct access to the victims phone. Jost dial & call *#06# (in most cases) and you’ll get the IMEI number.
- An app that silently sends the victims IMEI number to a server in the background (many applications do this already) & phone number, either by letting users fill it in themselves in a registration part of the app, or also silently (this method however isn’t always airtight but works in a lot of cases).
- A hacker leaks a database/file with IMEI numbers with associated phone numbers.
- A spammer buys this information from an app developer.
SAMPLE ANDROID CODE:
To retrieve IMEI number:
TelephonyManager tm = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
String device_id = tm.getDeviceId();
To retrieve  phone number:
TelephonyManager tMgr =(TelephonyManager)mAppContext.getSystemService(Context.TELEPHONY_SERVICE);
mPhoneNumber = tMgr.getLine1Number();
To retrieve voicemail number (just for fun):
TelephonyManager.getCompleteVoiceMailNumber();
By implementing this code you can tap anybody’s WhatsApp messages. You can hack anybody’s WhatsApp account with just their IMEI numbers.
This vulnerability can leak user’s sensitive data and messages. Or it is possible that it may already have been happening with users or maybe with you!
So next time think twice before sending any sensitive information or receiving any message over WhatsApp because you never know where is it going or from where is it coming. It may be possible that there may be  a hacker on the other end. WhatsApp is far from secure right now.
Source: SamGranger.com
Comments
0 comments
Umangjeet Pahwa read this!
Yes, trying to find where it stores on the mobile device
I knew it uses Jabber(XMPP) behind it.. bt dint know that its just a plain MD5 hash
Umangjeet Pahwa read this!
I knew it uses Jabber(XMPP) behind it.. bt dint know that its just a plain MD5 hash
Yes, trying to find where it stores on the mobile device
Please help me in hacking of 1 GB free data usage in my number 8984736446.
We are really sorry. We don't help in hacking !!
Please help me in hacking of 1 GB free data usage in my number 8984736446.
We are really sorry. We don't help in hacking !!
Please help me in hacking of 1 GB free data usage in my number 8984736446.
We are really sorry. We don't help in hacking !!
I tried to login using jabber with username as "my10digitphonenumber@s.whatsapp.net" and password as "md5(strrev(myIMEInumber))" tried even addinf country code.. stil not working.
I tried to login using jabber with username as "my10digitphonenumber@s.whatsapp.net" and password as "md5(strrev(myIMEInumber))" tried even addinf country code.. stil not working.
I tried to login using jabber with username as "my10digitphonenumber@s.whatsapp.net" and password as "md5(strrev(myIMEInumber))" tried even addinf country code.. stil not working.
I tried to login using jabber with username as "my10digitphonenumber@s.whatsapp.net" and password as "md5(strrev(myIMEInumber))" tried even addinf country code.. stil not working.
Anyone can help me, how to make whatsapp account with fake phone number?
I don't want my chat friend know my real phone number.
how to do that'?
razali.adam@gmail.com
Anyone can help me, how to make whatsapp account with fake phone number?
I don't want my chat friend know my real phone number.
how to do that'?
razali.adam@gmail.com
Anyone can help me, how to make whatsapp account with fake phone number?
I don't want my chat friend know my real phone number.
how to do that'?
razali.adam@gmail.com
I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..
I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..
I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..
I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..
I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..
I need help how can I make username and password in wharssap.
I need help how can I make username and password in wharssap.
I need help how can I make username and password in wharssap.
I need help how can I make username and password in wharssap.
I need help how can I make username and password in wharssap.
Thanks , I’ve just been searching for info approximately this subject for a while and yours is the best I’ve discovered till
now. But, what concerning the bottom line? Are you certain about the source?
Thanks , I’ve just been searching for info approximately this subject for a while and yours is the best I’ve discovered till
now. But, what concerning the bottom line? Are you certain about the source?
My phone got stolen.it has whatsapp.can i get imei no of my stolen mobile using the number on which my whatsapp is running on the stolen mobile
My phone got stolen.it has whatsapp.can i get imei no of my stolen mobile using the number on which my whatsapp is running on the stolen mobile
Any one please help me I have EMI number how can i know whatsap number use in this device or how can i know sim mobile number?? vivek.pandey@credr.com
I need help how can I make username and password in wharssap.
I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..
I tried to login using jabber with username as "my10digitphonenumber@s.whatsapp.net" and password as "md5(strrev(myIMEInumber))" tried even addinf country code.. stil not working.
I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..
I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..
I need help how can I make username and password in wharssap.
Thanks , I’ve just been searching for info approximately this subject for a while and yours is the best I’ve discovered till
now. But, what concerning the bottom line? Are you certain about the source?
My phone got stolen.it has whatsapp.can i get imei no of my stolen mobile using the number on which my whatsapp is running on the stolen mobile
Any one please help me I have EMI number how can i know whatsap number use in this device or how can i know sim mobile number?? vivek.pandey@credr.com
My phone got stolen.it has whatsapp.can i get imei no of my stolen mobile using the number on which my whatsapp is running on the stolen mobile
Umangjeet Pahwa read this!
I knew it uses Jabber(XMPP) behind it.. bt dint know that its just a plain MD5 hash
Yes, trying to find where it stores on the mobile device
My phone got stolen.it has whatsapp.can i get imei no of my stolen mobile using the number on which my whatsapp is running on the stolen mobile
I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..
Any one please help me I have EMI number how can i know whatsap number use in this device or how can i know sim mobile number?? vivek.pandey@credr.com
Thanks , I’ve just been searching for info approximately this subject for a while and yours is the best I’ve discovered till
now. But, what concerning the bottom line? Are you certain about the source?
My phone got stolen.it has whatsapp.can i get imei no of my stolen mobile using the number on which my whatsapp is running on the stolen mobile
Umangjeet Pahwa read this!
I knew it uses Jabber(XMPP) behind it.. bt dint know that its just a plain MD5 hash
Yes, trying to find where it stores on the mobile device
My phone got stolen.it has whatsapp.can i get imei no of my stolen mobile using the number on which my whatsapp is running on the stolen mobile
Anyone can help me, how to make whatsapp account with fake phone number?
I don't want my chat friend know my real phone number.
how to do that'?
razali.adam@gmail.com
I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..
I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..
I tried to login using jabber with username as "my10digitphonenumber@s.whatsapp.net" and password as "md5(strrev(myIMEInumber))" tried even addinf country code.. stil not working.
I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..
I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..
My phone got stolen.it has whatsapp.can i get imei no of my stolen mobile using the number on which my whatsapp is running on the stolen mobile
Any one please help me I have EMI number how can i know whatsap number use in this device or how can i know sim mobile number?? vivek.pandey@credr.com
I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..
I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..
Please help me in hacking of 1 GB free data usage in my number 8984736446.
We are really sorry. We don't help in hacking !!
I tried to login using jabber with username as "my10digitphonenumber@s.whatsapp.net" and password as "md5(strrev(myIMEInumber))" tried even addinf country code.. stil not working.
I tried to login using jabber with username as "my10digitphonenumber@s.whatsapp.net" and password as "md5(strrev(myIMEInumber))" tried even addinf country code.. stil not working.
I need your help to understand, where should I login? or what is the procedure to use the user name and password? or from where should I use the following login procedure is it available in whatsapp application..
I need help how can I make username and password in wharssap.