Is it possible to clone Whatsapp? Is it true that someone can take over our account, fool all the app’s security systems, and monitor our conversations? Many people ask me, and that’s why today I decided to look at the issue to clarify, or rather, to understand what behavior is and situations to which we need to be more careful.
Stealing a person’s identity on WhatsApp is, unfortunately, possible, it must be acknowledged, but this is an operation that always requires the “cooperation” of the victim. Of course, this does not mean that there are willing to be spied on.
This means much simpler that with the right protection of your smartphone, by paying little attention to what you do and applying the most common healthy rules, you can prevent most of Whatsapp identity theft activities.
To better understand what I’m saying, let’s try to analyze some of the techniques that cybercriminals use to steal WhatsApp users’ identities and see what countermeasures we need to apply to prevent them from being applied on our mobile phones.
Identity theft via WhatsApp Web/ Desktop
Two handy tools allow you to use WhatsApp directly from your PC: WhatsApp Web allows you to use WhatsApp your PC using a browser, another is the official WhatsApp client for Windows and macOS.
Both work in a straightforward way. To use them, insert an A QR code frame with the camera on a smartphone and wait a few seconds until all phone messages appear on your computer. And it is this incredible immediacy that poses a potential risk to our privacy!
WhatsApp Web and WhatsApp pc client only works if the phone on which WhatsApp is installed is plugged in & connected to the internet. Still, they do not require the presence of both devices on the same wireless network (so they work even if the smartphone is in a different location from the computer and is connected to the Internet via a data network). Also, if you check the item Keep in touch Before logging in, it allows you to access your conversations without signing in again. Browse the QR code.
Simply put, this means that the attacker can temporarily seize your mobile phone (a very trivial justification, such as the need to call), log in to WhatsApp Web or WhatsApp for a computer on your computer (or even on a tablet with a desk enabled) and get uninterrupted access to your chats.
How to protect ourselves
To avoid the risk to leakout your chats without permission via WhatsApp for a computer, from time to time, check the computer sessions on Whatsapp Web / WhatsApp open in your account. You don’t know how to do that? Don’t worry. It’s effortless.
To check which WhatsApp Web/WhatsApp PC sessions are open in your account, launch WhatsApp on your phone and go to the Settings menu > WhatsApp Web/Desktop query. In Android, the setup menu appears by pressing the button. (…) which is at the top right.
If you notice any suspicious activity, press the Sign out button on all computers, and all computers connected to Whatsapp Web will lose access.
Mac Address Cloning
One of the best techniques for cloning Whatsapp involves cloning a MAC address on the victim’s smartphone.
The MAC address is 12-digit code that allows you to uniquely identify all devices capable of connecting to the Internet: mobile phones, tablets, computer network adapters, etc. WhatsApp also uses it and the phone number to identify its users and disguise that it can fool the app’s security systems.
The good news is that cloning a MAC address is not easy. It is necessary to be well acquainted with computational means and, most of all, to have free access to the victim’s smartphone for quite a long period. Here, in short, all the steps that need to be taken.
- Unlock your smartphone by rooting Android or jailbreaking iPhone
- Take the victim’s smartphone and find out his MAC address (freely available from the Settings menu > Information from all major mobile operating systems);
- Calculate the MAC address of your smartphone by making it look like the victim’s phone;
- Install WhatsApp and activate it with the person’s phone number to be spied on (then use the victim’s smartphone to get an activation code from the application).
After this lengthy process, the attacker can gain free access to the victim’s account by bypassing the app’s security systems (which usually prohibit the use of WhatsApp on more than one phone at a time).
How to protect yourself
As already mentioned, cloning Whatsapp masking the MAC address is a very long and complex operation. However, it is best not to take unnecessary risks and take all those robust measures that allow you to protect your account reasonably.
- Don’t borrow your smartphone from strangers or leave your phone unattended in public. They are trivial tips but always very valid!
- Protect your smartphone with a secure PIN. Thus, even if the attacker got his hands on our smartphone, he can hardly do anything about it. Here’s how to set the PIN on Android, iPhone, and Windows Phone.
- Android – go to the Settings menu > Security > Screen lock. From here, you can select the PIN option that allows you to set a numeric unlock code or the sequence option that allows you to use a gesture (that is, “drawing” to play the phone screen) instead of the numeric code.
- iPhone – go to the Settings menu > Tap ID and password and select the Article Change code.
- Windows Phone – Go to the Settings menu > Lock screen and enable the password option.
- Avoid displaying SMS on the lock screen so that no hacker sees SMS with Whatsapp verification code. This is how it is done on Android, iPhone, and Windows Phone.
- Android – go to the Settings > Sound & Notifications menu > Notifications and set the Locked device drop-down menu en Hide sensitive notification content (o I don’t see notifications at all if you want to hide all Android lock screen notifications).
- iPhone – go to the Settings menu > Notifications > Messages and uncheck the Show lock screen option.
- Windows Phone – go to the Settings menu > Lock screen and accommodate Nadie drop-down menu. Select an application whose status is displayed in detail.
Security measures to avoid cloning WhatsApp
Finally, let me give you some other tips on avoiding cloning and/or breaking into WhatsApp chats. These are other measures of simple common sense, nothing complicated.
- Avoid public Wi-Fi networks that are often monitored by malicious people and could allow access to some sensitive data, such as WhatsApp calls (in this sense, I invite you to use VPN I like NordVPN (which I talked about here in-depth) or Surfshark make your contact details always inaccessible to malicious people, providers or anyone else).
- Search for spy apps on your phone. An operation that is not always easy to perform, as many spy applications hide not to be detected by the user, cost nothing to test!
- Android – if you have an Android device, go to the Settings > Security > Device Administrators menu & scroll through the list of all applications that can control the system. If any of them are suspicious, disable and uninstall.
- iPhone – if you have a disconnected iPhone, you can unmask spy apps by opening the browser and contacting localhost addresses: 8888 es localhost: 4444 or composing the code * 1 2 3 4 5 on the dashboard. If you see that an app’s administrative panel appears to be spying on your phone when performing any of these operations, open it immediately. Cydia and remove any suspicious packages.