Monthly Archives: April 2015

Siri helps, also to hijack your WhatsApp.

By asking Siri for your contact phone number, or by typing *#5005*74663# in the emergency dialer from the lock screen, anyone with physical access to your iPhone (or remotely by accessing your voicemail) can, in a few minutes, take control of your WhatsApp account without knowing your passcode, and thus obtain from the groups the phone numbers of participants and …

If someone steals your device and knows your phone number, they can hijack your WhatsApp by installing it on another device and asking for the verification call. Each new login increases the timeout before you can get your WhatsApp back; therefore, depending on how many consecutive logins are made before you recover your phone number, your WhatsApp could be hijacked for minutes or several days.

And, once the attacker has taken control of your account, what if the process is done with WhatsApp Web, just to spy?

Should WhatsApp use a more secure login? … two-step verification, or configuring a security question at the first login, or a PIN code, or asking for an email or something else besides the phone number… What do you think? How would you feel if someone hijacked your WhatsApp for a few minutes …or days?

( I think most instant messaging apps need a 2-step verification process and a longer waiting time to proceed with the verification call. )

If your iPhone is misplaced, I think it is better not to have Siri enabled on the lock screen; the downside is that you are discarding (among many other great things that Siri can do for you) the possibility that whoever finds your iPhone can give it back to you by asking Siri for your information, but someone asking Siri could get much more than the owner’s identity.

Siri reads all notifications aloud, even those that you had blocked on the lock screen, allowing, for example, the person who steals your iPhone to check an SMS/Mail verification code to log in to your WhatsApp / Line / Telegram… or any other online service, from another device.

Also, maybe you have apps that could show private or sensitive notifications on the lock screen, so maybe you would like to disable “Show on Lock Screen” for a particular app in Settings – Notifications, and even turn off the “Notifications View” in Settings – (Touch ID &) Passcode, so that access is not allowed when locked; but if asked, Siri will read all notifications aloud, including those that are not allowed on the lock screen.

( I think it would be great to have a handful of toggles in Settings – (Touch ID &) Passcode – Siri; we could choose what Siri does and what it does not do when our iDevice is passcode locked, gaining privacy without giving up the power of Siri on the lock screen. )

Recommended Read: “How Easy Is It To Hijack A Whatsapp User’s Account?” (by Kevin Costain) http://blogging.cwl.cc/2013/02/how-easy-is-it-to-hijack-a-whatsapp-user-account.html