The user, again the weakest link in computer security

The "hacking" of the WhatsApp account of Albert Rivera, leader of Citizens, shows a technique for deceiving users through digital services



A few days ago we were greeted with the news that Albert Rivera, president of the Citizens political party, had reported illegitimate access giving total control of the WhatsApp application on his mobile phone. El Confidencial has published that Inés Arrimadas, his party colleague, has shown evidence that she received attempts of the same type of attack on her phone.

From what I, as a computer expert, can deduce from the photos that accompany the news, the sequence of events would be as follows:

The first step: the victim receives one or more fake SMS messages in which the attacker sends random WhatsApp confirmation codes. These messages prepare the ground for what comes next.

The second step: the victim receives a message from the attacker through WhatsApp, impersonating the service provider, claiming that several attempts to access the account have been detected and requesting the security code received by SMS.

On the right you can see the WhatsApp message sent by the attacker to the victim.

As a third step, the attacker tries to register the victim's phone number on his device, causing WhatsApp to send a message with a real confirmation code.

Then, as a fourth step, the victim, primed by the SMS messages the attacker sent earlier and believing that the previous access attempts are real, falls into the trap and sends the WhatsApp confirmation code to the attacker.

Finally, the attacker enters that code and gains access, at least, to the victim's WhatsApp groups on "the new terminal." Since WhatsApp can only be configured on a single phone, the victim loses access to the WhatsApp application on their mobile device, and the account is left fully available to the attacker.



Whoever wanted to carry out this attack knew the phone numbers configured in WhatsApp by both Albert Rivera and Inés Arrimadas. They may have been obtained by compromising the address book of someone who had both contacts, or by commissioning someone who could provide them.

The victim took the bait because the attacker had allegedly sent SMS messages beforehand that would make the story credible afterwards. In addition, under the pressure of those SMS messages, and told that to confirm the account is not being "hacked" you must send a confirmation code to someone who identifies as part of the WhatsApp service, it is easy not to notice that the telephone number sending the SMS is a +34 6 (that is, a Spanish mobile), nor that the format of the message is not identical to the one sent by WhatsApp, nor that the message in the application contains errata like «Location» instead of «Location».

In addition, only technicians would see that the IP address (probably invented) that the attacker claims was used in the access attempts is not geolocated in Spain, but in Switzerland.

Public messaging systems that are accessible from anywhere should not be used to share sensitive or compromising information.
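The warning signs described above (a chat message that asks for the code received by SMS, a sender claiming to be the WhatsApp service from an ordinary +34 6 mobile number, and a preceding run of confirmation-code SMS) can be checked mechanically. The following Python code is an added example, not part of the original article; the message fields, the regular expressions and the sample timeline are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Heuristic patterns (assumptions for this example, not WhatsApp's real formats).
CODE_SMS = re.compile(r"\b\d{3}-?\d{3}\b")        # six-digit code in an SMS
ASKS_FOR_CODE = re.compile(r"\b(send|reply|forward|share)\b.*\bcode\b", re.I | re.S)
CLAIMS_PROVIDER = re.compile(r"\bwhatsapp\b.*\b(team|support|security|service)\b",
                             re.I | re.S)
PERSONAL_MOBILE = re.compile(r"^\+34[67]\d{8}$")  # Spanish mobile: +34 6.. or +34 7..

def red_flags(msg, history, window=timedelta(hours=24)):
    """Return the article's warning signs that apply to one chat message."""
    if msg["channel"] != "chat":
        return []
    flags = []
    if ASKS_FOR_CODE.search(msg["text"]):
        flags.append("asks_for_sms_code")
    if CLAIMS_PROVIDER.search(msg["text"]) and PERSONAL_MOBILE.match(msg["sender"]):
        flags.append("provider_claim_from_personal_mobile")
    # Step one of the sequence: several code SMS shortly before the chat message.
    burst = [m for m in history
             if m["channel"] == "sms" and CODE_SMS.search(m["text"])
             and timedelta(0) <= msg["ts"] - m["ts"] <= window]
    if len(burst) >= 2:
        flags.append("preceded_by_code_sms_burst")
    return flags

def is_takeover_lure(msg, history):
    """A request for the SMS code plus at least one other sign is treated as a lure."""
    flags = red_flags(msg, history)
    return "asks_for_sms_code" in flags and len(flags) >= 2

# Constructed sample timeline; numbers and texts are placeholders, not real messages.
T0 = datetime(2020, 1, 1, 20, 0)
SAMPLE = [
    {"ts": T0, "channel": "sms", "sender": "+34600000001",
     "text": "Your WhatsApp code: 123-456"},
    {"ts": T0 + timedelta(minutes=2), "channel": "sms", "sender": "+34600000001",
     "text": "Your WhatsApp code: 654-321"},
    {"ts": T0 + timedelta(minutes=5), "channel": "chat", "sender": "+34600000002",
     "text": "WhatsApp security team: we detected several attempts to access "
             "your account. Please send us the security code you received by SMS."},
    {"ts": T0 + timedelta(minutes=9), "channel": "chat", "sender": "+34600000003",
     "text": "Dinner at nine? I'll send the address."},
]

if __name__ == "__main__":
    for m in SAMPLE:
        print(m["sender"], red_flags(m, SAMPLE), is_takeover_lure(m, SAMPLE))
```

A chat message is only treated as a lure when the request for the code coincides with another sign, so an ordinary conversation that happens to follow a code SMS is not flagged.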
