In Cuba the telecoms/ ISP monopoly, Etecsa, works with the political police to spy on dissidents, journalists and others. A common attack in Cuba is therefore SIM Swapping which is easy for them. It is also effective in order to eavesdrop on phone conversations and SMS. My question is: Would the SIM Swap enable the attacker to also hack WhatsApp, Signal or Telegram and gain access to these messages or calls? If so, are there any measures that can be taken to prevent the attacker from accessing the secure messaging apps via a SIM Swap attack? Thank you very much for your help
Well I’m not a developer so I’m here to resolve a specific question.
I have been investigating this subject for a while now and I need and opinion from experts or developers which really understand about application development (I know something but not this advance) in terms of application security.
I was wondering if someone can impersonate someone on WhatsApp. That is the main objetive of this post: to specify, clarify and how to avoid this.
There is a article from CheckPoint (https://research.checkpoint.com/2018/fakesapp-a-vulnerability-in-WhatsApp/) which talks about this in detail but Check Point has not updated the article since 2018. It wouldn’t be strange that this type of vulnerability could have evolve into one that is more serious and that implies a more serious security issue to users.
That type of vulnerability which you can buy from Black Hat hackers or directly on the Deep Web.
In relation with Check Point article, I did not buy Burp Suite Pro so I could not prove the vulnerability my self, but obviously the video shows how easy is to carry out the attack specially if you are on the same network as the victim; it’s a vicious and unethical attack.
I did an experiment which consisted on the following:
1.) Install WhatsApp on an iOS Smart Phone non-rooted. 2.) Install WhatsApp on an Android Smart Phone non-rooted. 3.) Compare two type of conversations: individual and group
It is very important to highlight that the origin of the conversations where made on an iOS Smart Phone: all the conversations where made on a first instance or their origin on an iOS Smart Phone. They where also backup on an i-Cloud account and then migrated to the Android Smart Phone with a program which is specifically design to transfer iOS WhatsApp backups to Android and files in general.
The experiment was the following:
1.) I screen shot the personal and group conversations of the iOS device before transfer them to the Android device with the program. I did this because I suspected something was strange about the conversations. They did not have any type of sense in terms of: time, date and content.
2.) The last was checked with people in person. The people did not acknowledge and didn’t know about what was talked on that WhatsApp conversations. I did some light social engineering to obtain the information so the experiment will not fail (the social engineering was made through questions not computer software) and the result was quite interesting but worrying. When I installed Whats App on the Android Smart Phone and uploaded the WhatsApp backup, the personal conversations preserved their integrity but the group conversations did not. To be more specific, the group conversations came from known contacts but they came from only TWO contacts of a group of almost 100 contacts. All the conversations made on a particular group appeared to be made up by this TWO contacts not the 100 individual contacts who appear to have done the group conversation on the iOS device; another important thing is that some parts of the group conversations where missing such as: photos, videos and other common media.
3.) I obviously did not ask the two contacts which supposedly impersonate the 100 contacts and the reason for this is quite simple: they can be the attackers or the attacker used both contacts to access the WhatsApp group and impersonate the 100 contacts with or without their consent. Both of this contacts DO NOT have programming knowledge or hacking skills what so ever but may be they have and I don’t know about it; anyway is not likely that they have this type of skills because I know them personally so I did the light social engineering again and the outcome was the same.
In conclusion I can tell you that it seems to be a way to impersonate people on group conversations now a days. The most important thing in my opinion is to realize the attack vector.
In my opinion it is important to clarify if the attack vector is through the application it self (WhatsApp), the SmartPhone or the i-Cloud, G-Mail account or may be other medium from which I’m not aware.
I would appreciate if you could be specific and may be share some documentation if it exists.
Does WhatsApp supply user data to government agencies like what Facebook or other social media does even if the regime is authoritaian?
Do government agencies ask for information about users’ text and calls from WhatsApp and do they comply with their requests?
I don’t have my phone at the moment, since I turned it over yesterday at the shop for a screen replacement. The SIM card is removed and it’s sitting in my wallet now.
When I opened WhatsApp Web a couple minutes earlier today, I was connected to my account and could send and read new messages. This connection continued for around 15 minutes or so, until it stopped receiving signal from the phone.
My question is, how was WhatsApp Web able to receive signal in the first place?
I’m interested in methods/solutions for blocking incoming and/or out-going WhatsApp requests and/or traffic on a personal home Google WiFi network.
I also have the Google WiFi app with manager/admin rights.
I was fiddling with my router’s UPnP settings and found this
Why is an external IP address showing here?
I also did a reverse IP search and to my surprise the IP 188.8.131.52 showed "UK Ministry of Defence". I am not in the UK military or on a military base.
Something fishy going on? I have already disabled Upnp.
Whatslog on Android allows you to check the online status of whatsapp users. You don’t need to scan a whatsapp qrcode, you just have to enter a phone number and it works pretty well.
I don’t understand how they do it.
I’m pretty sure they don’t use web.whatsapp.com because they don’t ask any QR code furthermore I have reverse-engineered the apk to java with jadx and I don’t see any trace of them using any “hidden” whatsapp api or anything like that.
I don’t see any communication between Whatslog and Whatsapp through Android Intents or the like.
There is this question which discusses the same thing but the answers talk about web.whatsapp but I’m pretty sure it’s not what they use : How can application like Whatsdog detect user online status from Whatsapp?