WhatsApp and Telegram hacks grow: what are the most common attacks and how to protect yourself

Hacking,

, account theft, and other types of

: WhatsApp, the most widely used messaging app in Latin America, forms a huge attack surface for scammers.

According to data from

, a company dedicated to computer security, cases of hacking or identity theft through messaging applications have been increasing in the Latin American and Caribbean region.

Among those affected we can find

, government officials, famous people and even political cases that have sparked scandals.

All this occurs in a context of growing global cybercrime: during the first half of 2022 the area received

January to June, an increase of 50% compared to the same period last year. previous year (with 91 billion, all this according to FortiGuard Labs).

“While we are all aware that hacking other people's accounts without their consent is illegal and completely against the terms of use of the most common applications such as

, the reality is that cybercriminals are always looking for new ways to of violating devices for purposes ranging from data theft to obtaining economic benefits”, they explain from the threat laboratory.

For this reason, to be cautious, understanding how accounts are stolen can help to raise awareness and, above all, avoid being scammed.

The most common hacks to WhatsApp and Telegram

Signal, Telegram, Whatsapp: chats are the most sought after applications to intervene.

Photo Telegram

If we understand by hacking as an intrusion or unauthorized access to an account, there are several techniques that can be used to seize the data of a third party, according to Fortiguard Labs:

• SIM Swapping

  – This attack involves swapping a phone's SIM with someone else's SIM, then using the swapped SIM to receive verification codes and access the victim's account.

  For this reason, it is very dangerous to have SMS as a second factor (see below).

• Malware

  – Some cybercriminals use malware designed to spy on victims and gain access to their messaging accounts.

  These programs are often distributed through emails or fake downloads.

  HP Wolf Security, the company's cybersecurity division, warned last year about this problem, typically known as a

  virus. 

  “One of our latest cyber threat reports revealed that 29% of captured malware was previously unknown due to the use of techniques to avoid detection.

  In addition, it was detected that the most common malicious files are documents (31%), storage files (28%), spreadsheets (19%) and executables (17%)", detailed from the company.

• Man-in-the-middle (MITM) attacks

  : they consist of intercepting communications between two devices and modifying them to access the victim's accounts.

• Dictionary

  attacks – Dictionary attacks involve using automated programs to try different combinations of passwords and usernames until they find a combination that works.

  These attacks can be effective if the victim uses weak or common passwords.

• Brute force attacks

  – These are similar to dictionary attacks, but use automated programs to try all possible combinations of passwords and usernames.

On the other hand, most messaging apps have end-to-end encryption and security measures in place to protect the privacy of users.

This means that only the person who sends a message and

However, it is important to note that no application is completely secure and it is the responsibility of the user to take additional measures to protect our privacy and security.

The importance of the double factor

Social networks enable a second factor to be activated.

AFP photo

Double

, called MFA or 2FA, is a security filter to protect accounts from unauthorized access.

In an age where login details (username and passwords) are known to be constantly leaked and sold, 2FA allows a system to confirm that a person is the genuine owner of the account being accessed.

Validation is through something that, in theory, only the owner knows, has or is: a password, a token or a biometric factor (fingerprint, face).

“A double authentication factor has become a

tool for both organizations and people in their day-to-day lives.

Applications such as social networks or even applications with which we use others, well, let's say, finances, banking applications, have all these systems for free", explains to Clarín Arturo Torres, Intelligence strategist against threats for FortiGuard Labs for Latin America and the Caribbean.

“It is important to be able to count on these protection systems, since they provide one more layer to keep our personal, financial, social network or even business information safe,” he adds.

“There are many ways to be able to use two authentication factors, either as

or even

such as cell phones, which use a fingerprint or even facial recognition, adds.

There are even physical keys called FIDO that allow it to function as a second physical factor.

The expert assures that any option is good: it will always be better to have one of them than to have nothing.

However, “

”.

“We use the one that best suits our needs, for example, if you are a person who is not so careful with your cell phone, I would recommend that you use a token.

If you lend your cell phone to your children, if they can access those tokens, we would really have to be careful.

The ideal is to use them correctly ”, she argues.

There is something quite important to remember, in this sense: SMS as a second factor is one of the most dangerous and the preferred method for those who violate WhatsApp accounts: when verifying by telephone line, anyone who clones a line or SIM card can enter the code received by text message and take control of the account.

"It is preferable to activate authentication through an app (such as Google or Microsoft Authenticator) over the cell phone. This is because mobile phone service provider companies have serious vulnerability problems that enable maneuvers such as

[SIM card theft] to use it on another phone and access our accounts] by a criminal. If they have access to our line, they have access to everything that is authenticated through that line number," explains Jorge Litvin, a lawyer specializing in cybercrime and cybersecurity.

Password managers, allies against hacking

Weak passwords are a big security problem.

Photo: Shutterstock

One of the recommended options for protecting accounts is to use a key manager.

There are programs dedicated exclusively not only to store passwords, but also to generate secure passwords, difficult to "

" (ie guess).

“Ideally, we generate secure passwords, that is, they have approximately 15 characters.

These characters have uppercase, lowercase, numbers and special symbols and so on.

So this can create challenges for users, because it becomes more difficult to remember these passwords due to this complexity”, he explains “

such as passphrases, such as: the name of a song, of a movie, but using uppercase, lowercase , special symbols”, he suggests, as an alternative.

This is efficient in the face of so-called

"They can use computing power to break those passwords in a matter of time and the longer and more complex we make the password, obviously it will take the attacker more time and many times It can take a lot of years, if we do it properly.”

Of course, it is very important to generate a strong master password, but also to have

And finally, understand that there are no 100% safe methods: they all carry a risk.

“There have been very important cases like the one we just heard about a couple of weeks ago from LastPass, one of the most widely used key managers, that had a cybersecurity problem or incident, so when something like this happens, we have to change passwords and validate if this is the best service for us or we will look for a better alternative.

In security, nothing is foolproof and we have to stick to the risks," he closes.

SL

look also

Password managers: why more and more people are using them and which ones are the best in 2022

What are cookies and what are we doing when we click "accept all"