After the recent Apple-FBI tussle, encryption for smartphones and services had become a huge debate. Recently, Facebook-owned popular messaging service WhatsApp had turned on end-to-end encryption for its billion users worldwide. The end-to-end encryption ensures that any messages exchanged on the platform can strictly be accessed only by the sender and the recipient. And the encryption, in turn, makes it extremely difficult for a hacker or even the service provider to access the conversation. Besides WhatsApp, another instant messaging platform Telegram had become highly popular for its encryption features. Also Read - Tips to prevent unknown users from adding you to WhatsApp groupsAlso Read - WhatsApp tips: How to make video call on WhatsApp via laptop or PC
While the encryption is likely to make these services more secure, researchers at Positive Technologies have discovered a loophole that allows anyone to hijack WhatsApp and Telegram accounts. According to researchers, a flaw in a critical piece of telecom networks called System Signalling No 7 (SS7) allows hackers to easily hijack WhatsApp accounts. Hackers can exploit the SS7 loophole to create an identical WhatsApp account of an existing one and then receive all messages and information that the targeted user account was intended to receive. Also Read - WhatsApp's View Once feature will make photos and videos vanish once seen
The hijacking is done by misleading the telecom networks in believing that the hacker s number is that same as the victim s. Meaning, a hacker can easily set up a new (duplicate) WhatsApp account with the victim s contact number and receive all the OTPs and security code that confirm the authenticity of a user. Once the account is set up, a hacker can easily ape the victim and access their send and receive messages.
Responding to an increasing concern for improved user security, another online messenger platforms like Viber adopted the high security encryption, and this week even Facebook announced that it would soon introduce end-to-end encryption to its Messenger service.
Watch the video below, which shows a hacker can hijack an end-to-end encrypted WhatsApp Messenger in no time.