Researchers are easily able to hack WhatsApp and Telegram using the known telecom flaw
We continuously receive queries from readers about how to hack WhatsApp. The world’s most popular cross platform messaging App is seen to be ultimatehack by many because it has recently enabled 256-bit encryption.
For ordinary souls this encryption would take days and months to decode a sentence or a complete message. Ditto with another secure messaging service called Telegram. Though Telegram is not as popular as WhatsApp, it has its ardent group of followers who use it for its encryption as well as snooping free service.
Though both of these Apps are end-to-end encrypted both of them suffer from hardware side vulnerability which can be exploited to hack and hijack both WhatsApp and Telegram.
The vulnerability lies in Signalling System 7, or SS7, the technology used by telecom operators, on which the highly secure messaging system and telephone calls rely. SS7 is a set of telephony signalling protocols developed in 1975, which is used to set up and tear down most of the world’s public switched telephone network (PSTN) telephone calls. It also performs number translation, local number portability, prepaid billing, Short Message Service (SMS), and other mass market services.
SS7 is vulnerable to hacking and this has been known since 2008. In 2014, the media reported a protocol vulnerability of SS7 by which both government agencies and non-state actors can track the movements of cell phone users from virtually anywhere in the world with a success rate of approximately 70%. In addition, eavesdropping is possible by using the protocol to forward calls and also facilitate decryption by requesting that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded. Researchers created a tool (SnoopSnitch) which can warn when certain SS7 attacks occur against a phone and detect IMSI-catchers.
You can view how researchers managed to hack WhatsApp and Telegram using the SS7 flaw below :
Both the hacks exploit the SS7 vulnerability by tricking the telecom network into believing the attacker’s phone has the same number as the victim’s phone. Once the network has been fooled, anybody, even a newbie can spy on the legitimate WhatsApp and Telegram user by creating a new WhatsApp or Telegram account using the secret code.
Once complete, the attacker now controls the account, including the ability to send and receive messages. Even more horrific is the fact that the hacker can also send messages on behalf of the victim, and read confidential messages intended for the victim without ever having to try to break strong encryption protocols.