Israel's National Cybersecurity Agency has reported an attack on WhatsApp messenger users. Using a flaw in the voicemail protection system, attackers seize full control over the accounts in the service.
As specified in the message, the victims of hackers are those users who have connected the voice mail service with mobile operators, but did not set a new password for it. While by default WhatsApp sends a verification number for account access via SMS, this does not particularly interfere with attackers' actions. After waiting for the moment when the victim can neither read the message nor answer the call (for example, at night), the attacker can get the code redirected to voicemail. All that remains to be done is to listen to the message on the operator's website using the standard password 0000 or 1234.
Experts warned about such a method of hacking WhatsApp last year, but the developers of the messenger did not take any action to protect against it.