Can WhatsApp, Signal or Telegram be hacked through a SIM SWAP attack?

In Cuba the telecoms/ISP monopoly, Etecsa, works with the political police to spy on dissidents, journalists and others. A common attack in Cuba is therefore SIM swapping, which is easy for them. It is also effective in order to eavesdrop on phone conversations and SMS. My question is: Would the SIM swap enable the attacker to also hack WhatsApp, Signal or Telegram and gain access to these messages or calls? If so, are there any measures that can be taken to prevent the attacker from accessing the secure messaging apps via a SIM swap attack? Thank you very much for your help.

Can someone impersonate you on WhatsApp?

Well I’m not a developer so I’m here to resolve a specific question.

I have been investigating this subject for a while now and I need an opinion from experts or developers who really understand application development (I know something but not this advanced) in terms of application security.

I was wondering if someone can impersonate someone on WhatsApp. That is the main objective of this post: to specify, clarify and how to avoid this.

There is an article from Check Point (https://research.checkpoint.com/2018/fakesapp-a-vulnerability-in-WhatsApp/) which talks about this in detail but Check Point has not updated the article since 2018. It wouldn’t be strange that this type of vulnerability could have evolved into one that is more serious and that implies a more serious security issue to users.

That type of vulnerability which you can buy from Black Hat hackers or directly on the Deep Web.

In relation to the Check Point article, I did not buy Burp Suite Pro so I could not prove the vulnerability myself, but obviously the video shows how easy it is to carry out the attack, especially if you are on the same network as the victim; it’s a vicious and unethical attack.

I did an experiment which consisted of the following:

1.) Install WhatsApp on a non-rooted iOS smartphone.

2.) Install WhatsApp on a non-rooted Android smartphone.

3.) Compare two types of conversations: individual and group.

It is very important to highlight that the origin of the conversations was an iOS smartphone: all the conversations were made in the first instance, or had their origin, on an iOS smartphone. They were also backed up to an iCloud account and then migrated to the Android smartphone with a program which is specifically designed to transfer iOS WhatsApp backups to Android and files in general.

The experiment was the following:

1.) I took screenshots of the personal and group conversations on the iOS device before transferring them to the Android device with the program. I did this because I suspected something was strange about the conversations. They did not make any sense in terms of: time, date and content.

2.) The last was checked with people in person. The people did not acknowledge and didn’t know about what was talked about in those WhatsApp conversations. I did some light social engineering to obtain the information so the experiment would not fail (the social engineering was done through questions, not computer software) and the result was quite interesting but worrying. When I installed WhatsApp on the Android smartphone and uploaded the WhatsApp backup, the personal conversations preserved their integrity but the group conversations did not. To be more specific, the group conversations came from known contacts but they came from only TWO contacts of a group of almost 100 contacts. All the conversations made in a particular group appeared to be made up by these TWO contacts, not the 100 individual contacts who appear to have done the group conversation on the iOS device; another important thing is that some parts of the group conversations were missing, such as: photos, videos and other common media.

3.) I obviously did not ask the two contacts who supposedly impersonated the 100 contacts and the reason for this is quite simple: they can be the attackers or the attacker used both contacts to access the WhatsApp group and impersonate the 100 contacts with or without their consent. Both of these contacts DO NOT have programming knowledge or hacking skills whatsoever, but maybe they have and I don’t know about it; anyway it is not likely that they have this type of skills because I know them personally, so I did the light social engineering again and the outcome was the same.

In conclusion I can tell you that there seems to be a way to impersonate people in group conversations nowadays. The most important thing in my opinion is to realize the attack vector.

In my opinion it is important to clarify if the attack vector is through the application itself (WhatsApp), the smartphone or the iCloud or Gmail account, or maybe another medium of which I’m not aware.

I would appreciate it if you could be specific and maybe share some documentation if it exists.

WhatsApp suspicious message

Received a message from an unknown individual on WhatsApp messenger. I did not recognize the number (the person is not on my contact list), and there is probably an attachment (4 messages were sent).

I deleted the message and the attachment without tapping to open the message (WhatsApp asked whether I wanted to delete the attachment, I chose yes).

I believe the message was from a possible scammer sending a virus embedded in an attachment.

I also uninstalled and re-installed WhatsApp messenger.

A virus scan using multiple programs on my phone showed that nothing was wrong.

Question 1: Are there any other steps I should take to be secure?

Question 2: Is there a way to prevent random messages like this on WhatsApp? (I have blocked this specific sender but I want to prevent such messages in general)

I wrote a message on WhatsApp to a stranger

I exchanged a few messages with a girl on fotka.com (something like Tinder and Badoo). The girl is from Nigeria. She gave me her WhatsApp number (with a location based in Nigeria). I downloaded WhatsApp and wrote 1 message. Now I think it was silly and very, very irresponsible! And now my question is: what can be done with my number? Can someone use it for something? Please answer me.

External IP address in router UPnP settings Whatsapp – UK Ministry of Defence IP Address?

I was fiddling with my router’s UPnP settings and found this

Why is an external IP address showing here?

I also did a reverse IP search and to my surprise the IP 25.54.27.39 showed "UK Ministry of Defence". I am not in the UK military or on a military base.

Something fishy going on? I have already disabled UPnP.

How can an Android app like Whatslog detect user online status from Whatsapp?

Whatslog on Android allows you to check the online status of WhatsApp users. You don’t need to scan a WhatsApp QR code, you just have to enter a phone number and it works pretty well.

I don’t understand how they do it.

  • I’m pretty sure they don’t use web.whatsapp.com because they don’t ask for any QR code; furthermore, I have reverse-engineered the APK to Java with jadx and I don’t see any trace of them using any “hidden” WhatsApp API or anything like that.

  • I don’t see any communication between Whatslog and WhatsApp through Android Intents or the like.

There is this question which discusses the same thing, but the answers talk about web.whatsapp and I’m pretty sure it’s not what they use: How can application like Whatsdog detect user online status from Whatsapp?

Locate WhatsApp message destination

I’ve been interested in message tracing, so I played a bit with Cisco’s Packet Tracer and Wireshark.

Is it possible to locate the destination of a message (packages) being sent via WhatsApp? I am not trying to read data out of the packages, I just wonder if it is possible to trace the destination location of the message which has been received.