Background Description:
Studies show that 80% of Bruneians use WhatsApp for business and for sharing information via mobile devices. Because WhatsApp sends an SMS containing a 6-digit code to users who log in to their account on a new device, users are open to account hijacking through simple ‘shoulder surfing’. Someone who knows a user’s phone number can easily take over the account just by looking at the victim’s phone when it receives the 6-digit code.
Impact:
- Anyone can gain full access to a user’s WhatsApp account using just their phone number
- Anyone can spy on your unattended device to obtain the WhatsApp code sent by SMS
Recommendation:
- Turn off notification preview for SMS
- Never leave your mobile device unattended, even if it’s password-protected
- Never share confidential information through WhatsApp
- Enable WhatsApp two-factor authentication
- Back up your files regularly