Articles making sense of how it would be within the realm of possibilities to keep an eye on WhatsApp are increasing on the Web. Generally speaking, these are lies, systems that even open one’s gadgets to the gamble of contamination or which, in the best of cases, are difficult to complete without the actual accessibility of the casualty’s cell phone.
In the last period, articles clarifying how to spy on WhatsApp regardless of the actual accessibility of another person’s telephone have been pursuing each other on the Net. Additionally, because of some new TV administrations, many have hurried to look for applications, for example, WhatsApp Sniffer, that would permit you to keep an eye on the WhatsApp discussions of clients associated with a similar WiFi organization.
We should begin by expressing that things have fundamentally changed with time. Taking on a start-to-finish component for scrambling messages by WhatsApp makes any sniffing of information parcels inside a similar neighborhood network pointless. This framework ( TextSecure ) was created by the cryptographer Pizazz Marlinspike, writer of the Sign application, and – except if there are characteristic weaknesses in the encryption calculation, which have never arisen to date .
It is presently preposterous to expect to understand sent and received messages, through WhatsApp, with cell phones associated with a similar WiFi organization. Indeed, even a parcel sniffer like Wireshark can only easily decipher WhatsApp traffic since encoded up and down the way isolates the gadget of the source of a message from that of the beneficiary.
The start-to-finish encryption framework utilizes a couple of public and secret keys made and put away on every gadget. The secret key used to unscramble the messages is put away in the cell phone and, hence, can’t be “caught” by outsiders. Quite a long time ago, notwithstanding WhatsApp Sniffer (assuming you attempt to look for this application today, you’ll wind up with an application containing malware…), there was likewise a module for Wireshark that permitted you to inspect traffic inside the nearby organization.
Even so, it has become outdated since WhatsApp changed its convention. With Wireshark, it is conceivable to see the DNS demands and the endorsement trade stage through TLS when WhatsApp has begun any gadget associated with the WiFi organization. In any case, following the substance of the messages traded is only achievable sometimes. No man-in-the-middle (MITM) attacks in the case of Whatsapp, therefore. We have dedicated an entire article to the functioning of the end-to-end encryption mechanism in Whatsapp: End-to-end encryption on WhatsApp and how it works.
Also Read: WhatsApp Chain Letter: Group Settings Changed?
Spy On WhatsApp With MAC Address Cloning
One of the most popular methods for spying on WhatsApp is to clone someone else’s MAC address. As is known, the MAC address is a 48-bit address that the manufacturer of any network card associates with that device. The attribution of the MAC address is unique: on the face of the Earth, there are no two network cards with the same MAC address.
The first three octets of the MAC address identify the organization or the manufacturer that issued the identifier ( Organizationally Unique Identifier, OUI). In contrast, the card manufacturer assigns the following ones, respecting the uniqueness constraint. At this address, you can find a list of the various OUIs.
It has been known that MAC addresses can be falsified via software. In other words, it is possible to “deceive” the installed applications that they are using a system with a network card distinguished by a MAC address different from the real one (assigned by the manufacturer).
Finding the MAC address used by the network interface of someone else’s smartphone where WhatsApp is installed is very easy. And it is possible to do it without even physically having the phone, provided it is connected to the same WiFi.
It will then be sufficient to access the router’s administration panel, go to the Wireless or WiFi section and check the list of connected devices, reading the MAC address of the smartphone of interest in clear text. Alternatively, the MAC address can be read by accessing the Android settings and selecting About phone, Status, and WiFi MAC address.
Once the MAC address of others has been stolen, you will need to have an Android device already rooted and then install both Busybox and an app like Terminal Emulator.
From the Terminal Emulator app, you can issue the following command to “fake” the MAC address by specifying the one relating to the other mobile device: busybox ifconfig wlan0 hw ether XX:XX:XX:XX:XX: XX
In case of an error, instead of wlan0, try substituting eth0. By installing WhatsApp and indicating the other user’s phone number, you should be able to spy on all conversations. To proceed, however, it will be necessary to enter the confirmation code, which will be sent, via SMS, to the other person’s mobile device. The physical availability of the other person’s telephone is, therefore, a sine qua non. To restore your default MAC address, restart your Android smartphone.
Beware Of The Web Application That Can Allow You To Spy On WhatsApp
Again provided that the other person’s phone is physically available, by accessing the WhatsApp app, pressing the button showing three dots in the column, and finally choosing WhatsApp Web, you can connect the application with a PC or, better, with any browser. By visiting this page and scanning the QR code with the digital camera integrated into the other’s mobile device, it will be possible to access all the messages exchanged in real-time, regardless of the geographical position of the smartphone and the network to which it is connected.
However, a few weeks ago, WhatsApp did not show any notification about using WhatsApp Web. However, whenever a system connected via WhatsApp Web is detected, the app shows a notification indicating WhatsApp Web is currently active. The advice is to periodically access the WhatsApp Web section of the WhatsApp app and tap Log out of all computers.
Also Read: Private Chat App With Encryption And Protected And Encrypted Messages
Apps Like Cerberus And SpyStealth Can Be Used To Spy On WhatsApp
Cerberus is an excellent application, which we have already talked about in the past (see How to find your lost or stolen mobile phone with GPS and IMEI ), which allows you to find a lost or stolen Android smartphone. However, Cerberus also allows you to take screenshots automatically and send them to the account owner. By installing Cerberus on any Android smartphone, provided that it has been rooted, an attacker can automatically receive multiple screens depicting what “the victim” is viewing on his smartphone.
The SpyStealth app, easily available on the Net, relies on the manufacturers’ servers on which the information collected on other people’s phones is stored. Regarding WhatsApp or any other supported messaging app, SpyStealth stores and organizes messages and displays them in a convenient web interface. Even in this case, however, to monitor apps (including WhatsApp), the smartphone must have previously been rooted.
How To Defend Yourself Against Those Trying To Spy On WhatsApp
Avoiding being spied on while using WhatsApp is very simple if you follow a few simple rules.
Always Set A PIN Or A Graphic Pattern To Unlock The Phone
All known methodologies for spying on WhatsApp require the physical availability of the “victim’s” phone. Therefore, the first rule is never to leave your smartphone unattended and make sure you set the PIN code, graphic sequence, and fingerprint unlock. The latter protection allows you to access the device while also defending yourself from “prying eyes”: no one in the vicinity can memorize the unlock graphic sequence or PIN simply by observing our movements.
Periodically, it is a good idea to change the graphic sequence and PIN code.
Protecting The Launch Of WhatsApp And Other “Sensitive” Apps With Your Fingerprint
As explained in the article, Android apps that use the fingerprint reader, the graphic sequence, and PIN should already be more than enough to protect smartphone access; however, using a free app like App Lock, you can inhibit the use of WhatsApp unless your fingerprint is recognized. This is an additional layer of security.
Prevent SMS Notifications From Appearing On The Lock Screen
Android has a configuration option, accessible from the Security section of the settings, that allows you to hide sensitive content on your device’s lock screen. By doing so, Android will no longer display a preview of the content of incoming SMS, and a possible attacker who has the physical availability of the phone but does not know the PIN or the graphic unlock sequence will not be able to read the requested confirmation code (for example in the case of MAC address cloning).
Check The Installed Apps And Their Permissions
Always bearing in mind that the smartphone must remain a personal device that must never be shared with other users, one of the best tips is to check the installed apps and check for the presence of apps that could be exploited to monitor the smartphone. Furthermore, in the Privacy section of the Android settings, it is important to check whether and which apps are configured as Device Administrators, which ones can access notifications, and so on.
Check Who Is Logged Into Your WhatsApp Account Via WhatsApp Web
After launching WhatsApp, select the WhatsApp Web option from the main menu and then press Log out of all computers if you have any doubts about the connection of unauthorized users from PCs and remote devices. It would help if you never used WhatsApp Web on devices that are not your own.
Primarily because what is displayed could easily fall into the hands of others (think of the presence of malicious software that monitors what is displayed on the screen or typed from the keyboard) and because it is the risk of forgetting to log out. In any case, the forced disconnection of connected devices is done simply by touching the item. Disconnect from all computers.
Activate WhatsApp’s Two-Factor Authentication
By accessing the WhatsApp settings and selecting Account, Two-step verification, and Activate, you can set a security code that will be requested whenever you try to reactivate WhatsApp on any device. This additional protection measure allows you to reset the effectiveness of most of the attacks still possible today against WhatsApp users.
Also Read: 7 Best Alternatives To WhatsApp That You Can Download Right Now