![]() ![]() ![]() These are the few of them according to our research, but if you know more that comes with the MMI Group App pre-installed, then do share them with us so that we can add them to our list, and not only that we will also give the credit for the addition. MMI Group App on Samsung Galaxy Note 20 Ultra 5G.MMI Group App on Samsung Galaxy Z Fold 2.MMI Group App on Samsung Galaxy S21 FE 5G.MMI Group App on Samsung Galaxy S20 FE 5G.MMI Group App on Samsung Galaxy Z Flip 3.MMI Group App on Samsung Galaxy A71s 5G.MMI Group App on Samsung Galaxy A52s 5G.So, here we will mention all the Samsung devices that come pre-installed with the MMI Group App:. It means the MMI Group App comes pre-installed on selected Samsung devices. This feature prevents malicious actors from getting control of the account by requiring a PIN whenever you register a phone with the messaging app.What is MMI Group App on Samsung Devices?įor further knowledge, let me clarify that the MMI Group App doesn’t come with all Samsung devices. ![]() Protecting against this type attack is as easy as turning on two-factor authentication protection in WhatsApp. Sasi's post refers to Airtel and Jio mobile carriers, each with more than 400 million customers as of December 2020, according to public data. Mobile carriers warn users when call forwarding becomes active, source: BleepingComputerĮven with this highly visible warning, threat actors still have a good chance of success because most users are not familiar with the MMI codes or the mobile phone settings that disable call forwarding.ĭespite these obstacles, malicious actors with good social engineering skills can devise a scenario that allows them to keep the victim busy on the phone until they get the OTP code for registering the victim WhatsApp account on their device.īleepingComputer has tested this method using mobile services from Verizon and Vodafone and concluded that an attacker with a plausible scenario is likely to hijack WhatsApp accounts. Users may miss this warning if the attacker also turns to social engineering and engages the target in a phone call just long enough to receive the WhatsApp OTP code over voice. For example, if the MMI only forwards calls when a line is busy, call waiting may cause the hijack to fail.ĭuring testing, BleepingComputer noticed that the target device also received text messages informing that WhatsApp is being registered on another device. Some caveatsĪlthough the method seems simple, getting it to work requires a little more effort, as BleepingComputer found during testing.įirst off, the attacker needs to make sure that they use an MMI code that forwards all calls, regardless of the victim device’s state (unconditionally). WhatsApp options for receiving one-time password, source: BleepingComputerĪfter they get the OTP code, the attacker can register the victim’s WhatsApp account on their device and enable two-factor authentication (2FA), which prevents legitimate owners from regaining access. They are easily found and from the research we did, all major mobile network operators support them. These codes start with a star (*) or a hash (#) symbol. Sasi says that an attacker first needs to convince the victim to make a call to a number that starts with a Man Machine Interface (MMI) code that the mobile carrier set up to enable call forwarding.ĭepending on the carrier, a different MMI code can forward all calls to a terminal to a different number or just when the line is busy or there is no reception. It takes just a few minutes for the attacker to take over the WhatsApp account of a victim, but they need to know the target’s phone number and be prepared do some social engineering. Rahul Sasi, the founder and CEO of digital risk protection company CloudSEK, posted some details about the method saying that it is used to hack WhatsApp account.īleepingComputer tested and found that the method works, albeit with some caveats that a sufficiently skilled attacker could overcome. The method relies on the mobile carriers’ automated service to forward calls to a different phone number, and WhatsApp’s option to send a one-time password (OTP) verification code via voice call. There’s a trick that allows attackers to hijack a victim’s WhatsApp account and gain access to personal messages and contact list. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |