Use Whatsapp? You Phone number is your Username and IMEI is the password – Hackable

We recently saw the 1 million unique Apple device IDs leak, and now there is a vulnerability in the Android version of the popular Cross-platform Messaging system, Whatsapp.

Whatsapp recently hit, the record of 10 billion messages sent and received per day, just imagine the popularity, but this has a bad side to it, the popularity makes it the prime target for hackers.

whatsapp-imei-password-inverse-md5

We’ve seen news About Whatsapp can be hackable via Wi-Fi but that not being its own vulnerability but the Wi-Fi protocol being the problem and some more.

Sam Granger, one of the hack found that, If you installed WhatsApp on an Android uses Your phone number as the username and IMEI (inverted and MD5 hashed) as your password.

Did you know how long does that take t0 code?

Here you go md5(strrev(‘your-imei’)) and you’re done, this is how Whatsapp on Android Phone stores the password.

However, this isn’t a new revelation, the WhatsApp Wikipedia entry already states that the service uses phone number and IMEI, but what Sam pointed out was that there are SIMPLE ways to retrieve the two nuggets.

1. You have direct access to your victims phone, in which case you dial & call *#06# (in most cases) and you’ve got their IMEI number.
2. You develop an app that silently sends the victims IMEI number to your server in the background (many applications do this already) & phone number, either by letting them fill it in themselves in a registration part of your app, or also silently (this method however isn’t always airtight but works in a lot of cases).
3. A hacker leaks a database/file with IMEI numbers with associated phone numbers, ding ding ding!
4. A spammer buys this information from an app developer.

Time for some Android code examples.

Android code example to retrieve IMEI number:


TelephonyManager tm = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);

String device_id = tm.getDeviceId();

To retrieve the victims phone number:


TelephonyManager tMgr =(TelephonyManager)mAppContext.getSystemService(Context.TELEPHONY_SERVICE);
mPhoneNumber = tMgr.getLine1Number();

You can also retrieve the users voicemail number too just in case:


TelephonyManager.getCompleteVoiceMailNumber()

 

What are the implication? We think they are HUGE!

  • Spam the hell out of Whatsapp server, once you collect a HUGE database.
  • Intercept Photos, Private conversions on Whatsapp, Make it public, especially when S*xting is so common.
  • Send messages to people’s friends whose IDs you’ve hacked.

Sam went on to say:

Is this already happening? It wouldn’t surprise me if it is. I’ve succeeded in sending/receiving messages (from friends accounts who gave me permission to take their accounts over) and I’m not even a “hardcore hacker”.

Ps. Don’t get me wrong, I love WhatsApp. But it’s far from “secure”.

Would you use Whatsapp after knowing this, or, rather would you use Whatsapp for the private chats, images, etc, especially if you have a hacker friend, capable of pulling this off on you!

via: SamGranger

The DNetWorks Team

  • sanju

    i know the imei number and the phone number also but where should i log in now with this information…
    i mean i got the user id and also the md5 reverse string as a password but where should i use this information?pls tell me the whole procedure asap…waiting for your reply through mail
    thanks a lot

    • Facebook Inovations

      Hey sanju, I have only the IMEI and cellphone number too… Did you get it how to hack? could you show me how to do if so? Thank you!

      • Whats app leak

        Hey, so has someone figured it out to login (wear?) with this information?

  • yogita

    My phone is being hacked with the help of IMEI number and the peraon is abe to see all my chats even the deleted chats. Please help me and give me solution for this. What should i do to prevent my chats to be seen to him.

    • OLPOL

      What are you hiding from him?

  • Tikesh

    hii… my phone is lost ..using whatsap with 09407565723..can u plz give me my phones imei no. i need it

    • rash

      if you are using gmail account in your phone then in your gmail account your imei number has been saved.

  • rash

    Hi. some one has stollen my android phone, I know my imei number of that but he has used my whatsapp sending images using his wifi network, is it possible to trace network information from that image?

  • Vivek Pandey

    Hello Respective,

    I know emi number of my wife can i know her whatsap number ?? please suggest me
    or
    I have emi number can i know the which sim number mobile use in this device.

  • mary walker

    I recommend [email protected] Thank me later.

  • Donna Allen

    I am very suspicious of my fiance of two years now that she’s cheating on me, she has changed passwords to every account that she has, plus put a pin lock on her phone, i have been searching for ways to retrieve her text messages without installing any software on her phone or having access to it, so far i am not having any luck. i took the last risk to contact another hacker from a forum and the hacker really helped in changing my life and he can change yours too. His job is 100% safe and without trace. Just contact him on his email address: (aaronswartzcyberservices At Gmail Dot Com)

  • mikel

    I notice my mum keep late to bed and also busy receiving phone calls at night,then i doubt something is really going on with her,i have no choice to take matters into my hands.i explain to my old friend and he recommend me to his hacker who help him to hack into any sort of hack.i gave him a try and he help me to hack into my mum cell phone outlook and Facebook was wire direct to my email,this captain really help me a lot and also gain more experience from him.you can also get hold of him on his email.([email protected])so you will also share yours testimony to the world just like i did.

  • Kelvin

    I am posting this Testimony as a way to openly thank him for helping me achieve what none of this other hackers could do. It was like a dream come true for me and I am recommending him to anyone that has any hacking issues that needs to be addressed. feel free to contact him for Facebook, Snapchat, Cloning, Upgrading of Grades, Gmail, Yahoo, Instagram and Whatsapp hacks. Don’t waste your time thinking about this issues.. Contact him!!! [email protected]

  • Jeddy Brown

    In some instances When you look for someone behind the door clearly, maybe it is you still standing there. that is, you really need to be sure of what you’re doing or dealing with. What I really mean is that you could have had an affair and now you look to find your hubby there. The other thing is that there are 3 categories to the story Yours, His and the Truth. You really need to be in the best place relationship with the person good enough you can sex with. I want to introduce you to a university graduate in computer science as well as computer geek He’s good in many form of hacking. He did safe my life against my family lawyer and i’m so grateful this way. I can say to you Hes good, understanding and also affordable for a good job on his table. mail him directly Notablespy.org(AT)gmail(DOT)com and be safe too..