Anxious parents, jealous boyfriends, nosy friends… everyone, and I stress everyone, asks me how to spy on WhatsApp. Everyone wants to know whether spying on WhatsApp is really as simple as people say, whether the many apps on the Internet really work, and whether you have to be an expert hacker to monitor a person’s conversations, perhaps your partner’s or your child’s. As you can imagine, the question cannot be settled in a few lines. To tackle it seriously, we need to take some free time and analyze all the potential risks that WhatsApp users face today.
Let’s start by saying something important: you do not have to panic. The incredible success of WhatsApp has attracted the interest of many cybercriminals, who more and more often try to “pierce” the service’s servers and steal user data. Fortunately, the developers have not sat idle: they adopted an end-to-end (point-to-point) encryption system that has greatly strengthened WhatsApp’s security. With end-to-end encryption, the messages that arrive on WhatsApp servers are all encrypted. This means that they are decoded directly on our smartphones and are visible in the clear only to the legitimate senders and recipients. In short, barring glaring security flaws or equally glaring errors in the implementation of end-to-end encryption, the “sniffing” of communications through wireless network monitoring (as I explained in my tutorial on how to crack WiFi passwords) or a breach of WhatsApp servers should be ruled out. However, there are other kinds of threats you must watch out for.
Among the threats that deserve the most attention are the “homemade” spying techniques, that is, those that exploit the user’s weaknesses and carelessness to get hold of their access credentials and view their online communications. After all, as we know, the first security measure of a smartphone, computer or any other electronic device is us, the users. If you want to explore the subject, take five minutes of free time and keep reading. Below you will find all the information you need about WhatsApp’s security.
How WhatsApp Encryption Works
In November 2014 the developers of Open Whisper Systems announced a collaboration with WhatsApp aimed at bringing their end-to-end encryption system (TextSecure) to the celebrated messaging app for mobile phones. End-to-end encryption works with a key pair: a private key and a public one. The private key resides exclusively on our smartphone and serves to decrypt the messages we receive. The public key, on the other hand, is shared with the person we are talking to and is used by them to encrypt the messages that are delivered to us (and vice versa). In the middle sit the WhatsApp servers, which act as “postmen”: they receive encrypted messages (unreadable both to those who run the service and to potential attackers) and deliver them to the recipient’s phone.
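The key-pair model described above, as an added example that is not part of the original article and is not WhatsApp's code: a Node.js sketch in which the sender encrypts to the recipient's public key, a relay queues the envelope, and only the recipient's private key opens it. The function names, the `e2e-demo` label and the sample message are constructed for illustration, and the sketch leaves out everything else the TextSecure protocol does.

```javascript
const nodeCrypto = require('crypto');

// Turn an X25519 shared secret into a 256-bit AES key.
function deriveKey(privateKey, publicKey) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  const info = Buffer.from('e2e-demo'); // constructed label
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), info, 32));
}

// Sender: encrypt to the recipient's PUBLIC key with a one-time key pair.
function seal(recipientPublicKey, text) {
  const oneTime = nodeCrypto.generateKeyPairSync('x25519');
  const key = deriveKey(oneTime.privateKey, recipientPublicKey);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  return { senderPub: oneTime.publicKey, iv, body, tag: cipher.getAuthTag() };
}

// Recipient: only the matching PRIVATE key derives the same AES key.
function unseal(privateKey, env) {
  const key = deriveKey(privateKey, env.senderPub);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, env.iv);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.body), decipher.final()]).toString('utf8');
}

// Anyone holding a different private key gets an authentication failure.
function tryUnseal(privateKey, env) {
  try { return unseal(privateKey, env); } catch (err) { return null; }
}

// Constructed scenario: the relay only stores and forwards the envelope.
function demo() {
  // Each key pair is generated on its own device; only publicKey is shared.
  const bob = nodeCrypto.generateKeyPairSync('x25519');
  const relayOperator = nodeCrypto.generateKeyPairSync('x25519'); // server or attacker
  const relayQueue = [];
  relayQueue.push(seal(bob.publicKey, 'see you at 8'));
  const delivered = relayQueue.shift();
  return {
    bobReads: unseal(bob.privateKey, delivered),
    relayReads: tryUnseal(relayOperator.privateKey, delivered),
    plaintextInEnvelope: delivered.body.includes('see you at 8'),
  };
}

console.log(demo());
```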
The beauty of end-to-end encryption is that everything happens at lightning speed without the user having to lift a finger. The only potential unknown lies in how this system is actually applied. WhatsApp, in fact, is closed-source software and it is not possible to know with absolute certainty how it handles messages. The only thing you can do, and several researchers have tried, is to examine the application’s data traffic with software like Wireshark (I talked about it in my post on how to sniff a wireless network, remember?) and Yowsup.
Some of these tests, such as the one by Heise in April 2015, found that end-to-end encryption was only used on the Android version of WhatsApp. The others continued to use an encryption system based on the RC4 algorithm, which only worked on outgoing traffic (so messages were potentially readable on WhatsApp servers) and has not been considered safe for several months. But the situation has changed: end-to-end encryption has also arrived on the other platforms (iOS, Windows Phone etc.) and covers all the content handled by the app: messages, group chats, videos, photos etc.
We can therefore say that WhatsApp is reasonably safe. Capturing messages that travel through its servers should be a very difficult task, but it is right to keep a margin of doubt, given that the application’s source code cannot be thoroughly analyzed. For more details on end-to-end encryption and its implementation within WhatsApp, also refer to my tutorial on how to encrypt WhatsApp.
How To Spy on WhatsApp: Social Engineering Techniques
As we’ve just said, capturing WhatsApp messages by “sniffing” the data that passes over the wireless network used by the smartphone is, thanks to end-to-end encryption, not as easy as it used to be. But there are less refined techniques for spying on WhatsApp that can still succeed. Such techniques require physical access to the victim’s smartphone and thus involve so-called social engineering.
In technical jargon, the term social engineering covers all those activities that exploit human psychology to deceive the victim of a computer attack. This means that an attacker could pretend to be a friendly (or at any rate trusted) person, ask to borrow your phone for the most banal of reasons (e.g. to make a phone call) and then poke their nose into your personal data or your WhatsApp conversations.
Here are a few examples of direct attacks on WhatsApp that require physical access to the phone, and therefore a social engineering approach.
Spy on WhatsApp through WhatsApp Web / Desktop
WhatsApp Web is a free service provided by WhatsApp that allows you to read and send messages from your computer using your smartphone as a “bridge”. I’ve shown in detail how it works in my tutorial on how to use WhatsApp on PC, where I also covered the WhatsApp client for Windows and macOS, which works the same way.
To use WhatsApp Web or the official WhatsApp client, you just connect to a Web page or open the WhatsApp client and scan the QR code that appears on the computer screen using the WhatsApp function on the smartphone. Then, if you tick the Stay Connected option, access to the service happens automatically whenever your smartphone is connected to the Internet.
What is even more important to point out is that everything works even when the smartphone and the computer are not connected to the same wireless network, which means that the two devices can be far apart from each other; what matters is having logged in once with the QR code and keeping the “Stay Connected” option ticked. What does this mean? It means that an attacker could borrow the victim’s smartphone on some pretext, then access WhatsApp Web or the WhatsApp client from his notebook (or even from his smartphone or tablet, by enabling desktop site viewing or using apps that are based on WhatsApp Web) and thus spy on the user’s conversations.
Spy on WhatsApp by Spoofing the MAC Address
The MAC address (an acronym for Media Access Control) is a 12-digit address that uniquely identifies network cards on PCs and, more generally, all devices able to connect to the Internet, such as smartphones.
By spoofing the MAC address of his own smartphone, an attacker could “fool” WhatsApp and install a copy of the application on his own phone that receives all the victim’s messages. Fortunately, this is a fairly involved operation that takes a long time to complete, but it’s good to know about it so that you can keep someone from pulling it off. Below are the various steps an attacker would have to take to spoof the phone’s MAC address and install a “cloned” copy of WhatsApp.
- Root the phone on Android or jailbreak it on iPhone and install apps suited to the purpose (e.g. SpoofMAC for iPhone and the pair BusyBox – Mac Address Ghost for Android)
- Find out the MAC address of the device (on Android, go to Settings > Phone info > Status; on iPhone, go to Settings > General > Info > Wi-Fi address)
Spy on WhatsApp Using the Victim’s Telephone Number
Some sites suggest spying on WhatsApp by installing a copy of the app on one’s own phone and having its activation code delivered to the victim’s smartphone (which would need to be temporarily at hand).
This technique does not work, or rather, does not work for long, since WhatsApp lets you associate a phone number with only one device at a time. This means that when two smartphones are activated with the same mobile number, the first one stops working and the victim, fortunately, immediately becomes aware of the unauthorized use of their account.
Spy on WhatsApp with Parental Control Apps and Spy Apps
There are many parental control apps on the market, almost always paid but with free trial versions, that allow you to track activity on a smartphone, control the phone remotely and capture screenshots remotely. Well, some of them could also be exploited for illegitimate purposes and used to spy on the messages exchanged on WhatsApp or other messaging systems.
Among the most effective and easy-to-use parental control apps on the market today are Qustodio, which is available for Android and iOS, and Screen Time, which is also available for Android and iOS. Both of these apps, once installed on the victim’s smartphone, let you know if and when the user accesses WhatsApp and allow you to block or restrict the app’s use remotely. They do not directly capture the conversations exchanged within the service, but they include other privacy-invasive features.
Even more dangerous where WhatsApp is concerned are spy applications, i.e. applications designed exclusively to spy on the victim’s smartphone, which are completely invisible and can also capture the messages typed on the phone’s keyboard.
Among the most popular spy apps right now is iKeyMonitor, which is compatible with both Android and iPhone. Fortunately, it is pretty hard to configure and, above all, quite expensive, as it costs $22.49/month (after 3 free trial days).
To learn more about Qustodio, Screen Time and other applications that can be used for spying purposes, take a look at my posts on how to spy on a cell phone and how to spy on Android phones.
Apps to track access to WhatsApp
They cannot properly be called apps for spying on WhatsApp, but you should know that there are also applications that track a user’s access to WhatsApp, reporting the times of their latest connections to the service and how long they stayed on it. These are particularly “unpleasant” solutions because they work remotely and do not require access to the victim’s smartphone (they actually use public data provided by WhatsApp, which is why they cannot properly be called spy apps).
Among the applications that track access to WhatsApp I’ll point out WhatsMonitor for Android, which you can use for free for 3 days; after that it costs 2.99 euros/month for each monitored number. Its operation, as mentioned above, is disarmingly simple: after downloading it from the Play Store, just start it, create a free account and enter the cell phone number to monitor.
Almost like magic, within 30 minutes tracking of the number begins and a screen appears listing all of the “victim’s” accesses to WhatsApp. If you want to know more, check out my post on applications to spy on WhatsApp, where I covered WhatsMonitor and other apps that let you spy on WhatsApp activity.
How To Protect Yourself From Snoops
After this “scary” rundown of the most common techniques for spying on WhatsApp conversations, let’s look at some practical advice on how to protect yourself from snoops. These are simple common-sense rules for avoiding identity theft and other unpleasant surprises (not necessarily linked to WhatsApp).
- Use a Secure PIN – The first advice I give you is to use a secure PIN to unlock the smartphone’s lock screen (no, 1111 and 1234 are not secure PINs!). You can change the PIN very easily from the smartphone’s settings menu.
- Disable SMS on the lock screen – If you want to avoid the risk that an attacker activates a “cloned” copy of WhatsApp by having a confirmation SMS delivered to your smartphone, disable SMS viewing on the lock screen (this way, an attacker will need full access to the smartphone to complete the plan and will not be able to do so while the phone is locked).
  - Android – Settings > Security > Screen Lock > PIN. Once you’ve set your PIN, you can choose to hide all notifications (for every app) or to hide only sensitive content. If you choose the second option, you can disable just SMS viewing on the lock screen.
  - iPhone – Settings > Notifications > Messages > uncheck the Show option under “Screen Lock”
- Check WhatsApp Web sessions – As we’ve seen before, someone can violate your privacy on WhatsApp by abusing the WhatsApp Web service. If you suspect someone may have done something of the kind to your detriment, check the WhatsApp Web sessions active for your account, and if any of them looks suspicious, disconnect it. To check the WhatsApp Web sessions open for your account, go to the Settings > WhatsApp Web / Desktop menu. To disable all of them, click on the button Disconnect from all computers and then on Disconnect.
- Re-activate your account immediately if it is disabled – If someone has activated a second copy of WhatsApp using your number, the service will stop working on your smartphone. If your account is suddenly turned off, turn it back on and contact WhatsApp Support at [email protected] to report that someone is probably trying to steal your identity.
- Do Not Use Spy Software – Many apps advertised on the Internet promise to capture all WhatsApp messages. Very few of them really work. In most cases they are out-and-out scams, if not malware designed to steal user data for undisclosed purposes. Stay away from them!
- Do not lend your smartphone to the first person who comes along – our grandmothers could give this advice too, but it is always worth restating certain concepts!
CAUTION: This guide has been written for purely illustrative purposes. Spying on other people’s conversations is a crime punishable by law, so I take no responsibility for how you will use the information in this article.