Hacker News new | ask | show | jobs
by xorcist 3440 days ago
> WA has no login, no password, so anyone receiving the SMS can impersonate anyone

That sounds like a fatal flaw. Could not any GNU Radio user dump these by the thousands?
2 comments
aylons 3440 days ago
I don't believe it could be done by the thousands, it would be way more targeted:

You'll need to be next to the actual phone number user when you request, and the victim will receive the SMS. Also, the victim would be shut out of WhatsApp (it allows only one client to be active), which would probably trigger some reaction.

Sounds like a nice hack, nevertheless.

link
MichaelGG 3440 days ago
Is it true? It'd be trivial to require the activator to be the same device that requested the SMS.
link