One iPhone user has discovered that a Siri feature might be used by thieves, or anyone who has access to your iPhone, to steal your WhatsApp account. What’s even more troubling is that the vulnerability will also allow anyone to enable your WhatsApp account on another device.
This isn’t a Siri, iPhone or Whatsapp specific bug, and it’s unlikely that a thief would be interested in accessing Whatsapp chats belonging to a victim. However, the procedure seems rather simple, and it can be done by anyone with access to someone else’s iPhone, a blog called Teccentricities says.
To activate a Whatsapp account on a different device, someone would simply have to obtain a target’s phone number. If that information isn’t already readily available, the thief could simply ask Siri to tell him or her “my contact” number. If Siri is enabled on the phone’s lock screen — it is enabled by default on all iPhones — the information would then appear on the screen, but only if the iPhone owner filled in the “My info” section inside Siri’s settings.
After that, the phone number can be used on a different smartphone inside Whatsapp to activate the app. The company would send a verification code via voicemail to the target’s iPhone, and that code is then required to complete the Whatsapp activation processes.
Ironically though, the same feature that lets third-parties access someone’s phone number using Siri on the lock screen can be used by benevolent individuals to return a found iPhone to its owner.
A video showing this “hack” in action follows below.