It sounds incredible that through voicemail they can affect us; During the month of August 2021, I received a huge number of calls from different political figures, including deputies, senators and some high-ranking government officials, all with a coincidence: they had lost their WhatsApp.
At first, when investigating what had happened, the similarities in the form of operation were coincidental, calls in the wee hours of the morning, approximately between 2:00 and 4:00 a.m., the time when the body is at rest repairing, and the perfect moment for the cybercriminal, knowing that many of us leave the mobile phone in silence or turn off while we sleep, they knew that they could commit their attack without major complications.
When we register a WhatsApp account we have two options: the first, that we receive an SMS code; the second, that a code reaches us through a voice call. This is where voicemail makes sense, because, by being able to make a query, a deviation with a dialing code, we can consult our voicemail remotely without having to have our mobile phone at hand or be calling from it, I will not go into technical details of how to dial for remote messages, it would be to give the reader a weapon.
In short, while the victim is beside himself, and without the ability to have the mobile in his hands to check what is happening, the attackers generate a registration code by calling, when the victim does not answer or when the mobile is turned off , this code remains in the voice mailbox.
If the victim does not have their voicemail configured with a security parameter such as the PIN offered by most telephone operators in Mexico, the attacker enters to configure that voicemail remotely and gains access to the stored messages. , this is where you hear the code and bye bye WhatsApp account.