Beware, Hackers Using MMI Trick To Steal WhatsApp Accounts

A trick lets attackers hijack the victim’s WhatsApp account and gain access to their messages and contacts.

The technique relies on mobile carriers using an automated service to forward calls to another phone number, as well as WhatsApp’s ability to provide a single-time password (OTP) confirmation code through a phone call.

WhatsApp MMI Code Trick

Rahul Sasi, chief executive officer and founder of the CloudSEK, a company that provides digital risk protection CloudSEK has shared some details regarding the technique, stating that it was employed to hack into WhatsApp account.

A group of professionals conducted tests and discovered that the method is effective however there are some caveats that an experienced attacker could easily overcome.

It will take only an hour for the attacker to gain access to an account on the WhatsApp account of a victim. However, they must know the number of the person they are targeting and be prepared to do social engineering.

Sasi says that an attacker first needs to convince the victim to make a call to a number that starts with a Man Machine Interface (MMI) code that the mobile carrier set up to enable call forwarding.

Depending on the provider or the type of service, an alternative MMI code could forward all calls to a different number or only when the line is full and there’s no a reception.

The codes begin with the star (*) or the hash (#) symbol. They can be found easily, and based on our research, the majority of mobile networks support these codes.

“First, you’ll get an unknown call from the attacker, who will try to convince you to place an anonymous call to the number *405 or 67. In a matter of minutes, you will be notified that your account will be deleted and attackers will have complete control over your account”.

The researcher clarifies that the 10-digit number is associated with the attacker and the MMI code that is in front of it instructs the mobile operator to forward all messages to the number that is after it when it is full.

Once they tricked the victim into forwarding calls to their number, the attacker starts the WhatsApp registration process on their device, choosing the option to receive the OTP via voice call.

Some Red Flags

Once they’ve received the OTP code, The attacker can register with the user’s WhatsApp accounts on the device and activate 2-factor authentication (2FA) that blocks legitimate owners from gaining access.

Although the process appears to be easy, getting it to work takes a bit more time and effort, professionals discovered while testing.

In the beginning, the attacker will ensure that they have an MMI code that forwards all calls regardless of the victim’s status (unconditionally). For instance, if an MMI will only forward calls when the call is in a queue, then call waiting can result in the hijack failing.

During testing phase, Professionals noticed that the target device was also receiving text messages informing that WhatsApp is being registered on a different device.

Users may miss this warning if the attacker also turns to social engineering and engages the target in a phone call just long enough to receive the WhatsApp OTP code over voice.

Mobile carriers warn users when call forwarding becomes active

Even with this visible warning, the threat actors have a high chance of succeeding because the majority of users aren’t aware of the MMI codes or mobile phone settings that disable forwarding calls.

Despite these challenges, malicious actors with social engineering abilities can create an attack plan that allows them to keep the victim occupied on the phone line until they obtain the OTP code that allows them to sign up the victim’s WhatsApp accounts on the device.

Professionals has conducted tests by using mobile applications provided by Verizon along with Vodafone and concluded that an attacker who has a plausible scenario could be able to take over WhatsApp accounts.

Sasi’s blog post is about Airtel and Jio mobile operators, each of which had more than 400 million customers in December, according to data released by the public.

Protection against such attacks is as simple as switching on two-factor authentication in WhatsApp. This feature stops malicious actors from gaining control over the account by asking for a PIN when you sign up for your phone via the messaging application.

Related Valuable Stories:

• Microsoft: “Follina” Will Affect All Currently Supported Windows Versions

• 3.6 Million MySQL Servers Found Exposed On The Internet

• Warning: Chrome Loader Targets Browser With Malicious ISO Files

• See What Leaked Documents From Facebook Tells About Users Data

• FBI: Hackers Injected Malicious PHP Code to Scrape Credit Card Data