Martin Wagner

Hijacking Whatsapp accounts using Whatsapp Web

• security

By implementing changes such a the E2E encryption for all users, Whatsapp has changed its image from a messenger app with appalling security to an app that is respected by many. Sure it isn’t signal or matrix but at least it is better than bubcon (Link in german).

Whatsapp accounts are based on phone numbers. This means your phone number is your username and it’s also used for authentication. While this is not perfect from a privacy standpoint it saves the, often non-technical, user from having to remember yet another password that they could potentially reuse or, even worse, disclose through a phishing attack.