Use Whatsapp? You Phone number is your Username and IMEI is the password – Hackable

We recently saw the 1 million unique Apple device IDs leak, and now there is a vulnerability in the Android version of the popular Cross-platform Messaging system, Whatsapp.

Whatsapp recently hit, the record of 10 billion messages sent and received per day, just imagine the popularity, but this has a bad side to it, the popularity makes it the prime target for hackers.


We’ve seen news About Whatsapp can be hackable via Wi-Fi but that not being its own vulnerability but the Wi-Fi protocol being the problem and some more.

Sam Granger, one of the hack found that, If you installed WhatsApp on an Android uses Your phone number as the username and IMEI (inverted and MD5 hashed) as your password.

Did you know how long does that take t0 code?

Here you go md5(strrev(‘your-imei’)) and you’re done, this is how Whatsapp on Android Phone stores the password.

However, this isn’t a new revelation, the WhatsApp Wikipedia entry already states that the service uses phone number and IMEI, but what Sam pointed out was that there are SIMPLE ways to retrieve the two nuggets.

1. You have direct access to your victims phone, in which case you dial & call *#06# (in most cases) and you’ve got their IMEI number.
2. You develop an app that silently sends the victims IMEI number to your server in the background (many applications do this already) & phone number, either by letting them fill it in themselves in a registration part of your app, or also silently (this method however isn’t always airtight but works in a lot of cases).
3. A hacker leaks a database/file with IMEI numbers with associated phone numbers, ding ding ding!
4. A spammer buys this information from an app developer.

Time for some Android code examples.

Android code example to retrieve IMEI number:

TelephonyManager tm = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);

String device_id = tm.getDeviceId();

To retrieve the victims phone number:

TelephonyManager tMgr =(TelephonyManager)mAppContext.getSystemService(Context.TELEPHONY_SERVICE);
mPhoneNumber = tMgr.getLine1Number();

You can also retrieve the users voicemail number too just in case:



What are the implication? We think they are HUGE!

  • Spam the hell out of Whatsapp server, once you collect a HUGE database.
  • Intercept Photos, Private conversions on Whatsapp, Make it public, especially when S*xting is so common.
  • Send messages to people’s friends whose IDs you’ve hacked.

Sam went on to say:

Is this already happening? It wouldn’t surprise me if it is. I’ve succeeded in sending/receiving messages (from friends accounts who gave me permission to take their accounts over) and I’m not even a “hardcore hacker”.

Ps. Don’t get me wrong, I love WhatsApp. But it’s far from “secure”.

Would you use Whatsapp after knowing this, or, rather would you use Whatsapp for the private chats, images, etc, especially if you have a hacker friend, capable of pulling this off on you!

via: SamGranger

The DNetWorks Team

  • sanju

    i know the imei number and the phone number also but where should i log in now with this information…
    i mean i got the user id and also the md5 reverse string as a password but where should i use this information?pls tell me the whole procedure asap…waiting for your reply through mail
    thanks a lot

    • Facebook Inovations

      Hey sanju, I have only the IMEI and cellphone number too… Did you get it how to hack? could you show me how to do if so? Thank you!

      • Whats app leak

        Hey, so has someone figured it out to login (wear?) with this information?

  • yogita

    My phone is being hacked with the help of IMEI number and the peraon is abe to see all my chats even the deleted chats. Please help me and give me solution for this. What should i do to prevent my chats to be seen to him.

    • OLPOL

      What are you hiding from him?

  • Tikesh

    hii… my phone is lost ..using whatsap with 09407565723..can u plz give me my phones imei no. i need it

    • rash

      if you are using gmail account in your phone then in your gmail account your imei number has been saved.

  • rash

    Hi. some one has stollen my android phone, I know my imei number of that but he has used my whatsapp sending images using his wifi network, is it possible to trace network information from that image?

  • Vivek Pandey

    Hello Respective,

    I know emi number of my wife can i know her whatsap number ?? please suggest me
    I have emi number can i know the which sim number mobile use in this device.

  • mary walker

    I recommend [email protected] Thank me later.