How to spy on another number's WhatsApp

Every day I get numerous messages from people asking me how to spy on another number's WhatsApp or, on the contrary, how to prevent unauthorized third parties from "infiltrating" their conversations on what is now the number one app in the world for instant messaging. If you are here now and you are reading these lines obviously you are not far behind. Given the situation, I therefore decided to draft this guide in order to try to clarify the ideas in this regard as much as possible.

To answer the question immediately: yes, unfortunately it is possible to spy on WhatsApp of another number but fortunately it is a decidedly complex operation to put into practice and from which you can defend yourself by applying simple protection measures to your smartphone. For the rest, it is sufficient to follow the most common common sense rules, for example avoiding the use of public Wi-Fi networks, not lending your mobile phone to strangers and not leaving your smartphone unattended. They may seem trivial but in reality they are small precautions capable of safeguarding one's privacy much more than any decalogue on the subject.

Now, however, enough talk and let's get to the point. So take a few minutes of free time all to yourself, make yourself comfortable and immediately start concentrating on reading this tutorial (if we want to call it that). In the end you will see, you will have much clearer ideas about how to spy on another number's WhatsApp and even more about how to protect your conversations from being seen by "intruders". Enjoy the reading!

I went directly to ▶ ︎ Sniffing of wireless networks | Identity theft | Spy app

Sniffing delle ret wireless

One of the techniques to spy on WhatsApp of another number as well as spying in general is the one that provides for it Sniffing of wireless networks with software such as Wireshark (if you remember correctly, I told you about it in my tutorial on how to sniff a wireless network). The term sniffing indicates a monitoring activity of wireless networks that allows you to capture all the information that travels in clear text on the latter.

In the specific case of WhatsApp, sniffing could therefore be used by an attacker in order to monitor the network to which the victim's smartphone is connected. Fortunately, however, this technique shouldn't work these days.

In fact, at the end of 2014 WhatsApp began to adopt a system of end-to-end encryption which makes the messages unreadable for everyone, except for the legitimate senders and recipients. Even on WhatsApp servers, messages arrive encrypted. The system, called Textsecure, involves the use of a pair of keys: a public one, which is shared with the interlocutor and allows you to encrypt outgoing messages, and a private one, which instead resides on your smartphone and allows you to decrypt incoming messages.

So is WhatsApp unassailable? Well, that's not exactly the case. End-to-end encryption potentially puts sniffing techniques out of action but unfortunately there are other "weapons" that bad guys can use to spy on another number's WhatsApp.

Furthermore, we must consider the fact that WhatsApp is a closed source software, which is why it is not possible to thoroughly analyze the source code and therefore we cannot know if the implementation of the end-to-end encryption was carried out in a flawless or if there are some "cracks".

How to defend yourself

Although the situation appears to be fairly calm, it is still advisable to never let your guard down. In fact, if end-to-end encryption is not applied or misapplied, we users can't do much.

The only sensible advice I can give you is therefore to avoid public wireless networks, which are known to be one of the favorite targets of cybercriminals. The alternative, a bit more drastic, is obviously to stop using WhatsApp. The choice is yours.

In any case, also consider installing an app of VPN on your smartphone. If you have never heard of it, the VPN is a virtual private network that allows you to encrypt your connection data and disguise your location, so as to be “invisible” to attackers and providers. NordVPN (which I told you about in depth here) and Surfshark are among the best VPN services of the moment - check them out if you are interested in these types of solutions.

Furto d'identità

Il identity theft is another of the risks to be careful about when using WhatsApp (but not only). This is a technique by which an attacker can "deceive" WhatsApp by pretending to be another person and access the latter's conversations without his consent.

Cloning of the MAC address

One of the most used techniques to spy on another number's WhatsApp via identity theft is MAC address cloning. What is it about? Now I'll explain it to you. The MAC address is a 12-digit code that uniquely identifies all devices capable of connecting to the Internet. It is also used by WhatsApp to verify the identity of users (together with the phone number) but by resorting to the use of some special apps it is possible to disguise it and deceive the application.

So, if an attacker installs some of these apps on their mobile phone (eg. BusyBox e Mac address ghost for Android and SpoofMAC on iPhone) and manages to find out the MAC address of the victim's smartphone (just go to the screen for info of the device present in the settings of the same) can install a "cloned" version of WhatsApp and access the chats of the targeted subject

Fortunately, this practice is not very common and requires considerable technical preparation. Furthermore, it is necessary that the attacker can get his hands on the victim's phone for some time: in a first phase to find out the MAC address of the device and then to read the confirmation SMS necessary to activate the "cloned" copy of WhatsApp on the other smartphone. However, being aware of the existence of this technique will certainly help you avoid possible intrusions into your account.

Web WhatsApp

The identity theft issue also concerns Web WhatsApp, the official service to access WhatsApp from your computer via browser (if you remember correctly, I told you about it in depth in my article on how to use WhatsApp on a PC). The fault is entirely attributable to the default active function which allows the browser to store the user's identity and access conversations without requiring a new scan of the QR code.

In other words, if an attacker manages to get hold of your smartphone (don't think it's so impossible, any excuse is enough) he can activate the Web version of WhatsApp on any notebook, tablet or smartphone and gain access to all your conversations. without you knowing. Once this is done, access will be continuous and not temporary since WhatsApp Web works even when the mobile phone is not connected to the same wireless network as the computer (as long as it has an active Internet connection, no matter if Wi-Fi or data).

The same argument is also valid for the official WhatsApp client for Windows and macOS (I always told you about it in the aforementioned guide), but in this case the procedure to be put into practice for the attacker turns out to be much longer as it should first provide install software on your computer and then perform all of the above steps.

How to defend yourself

Considering that both of the above practices to spy on another number's WhatsApp require physical access by the attacker to the victim's phone, to protect yourself just follow some very simple - but at the same time fundamental - precautions. Here they are.

• Activate a protection system through biometric recognition: Activate device unlock via facial recognition or fingerprint, to prevent other people from accessing WhatsApp Web / Desktop via your device. With this system, in fact, access to the service takes place only after authorization by the device owner.
• Use a secure PIN - The first rule to follow to prevent someone from spying on their conversations on WhatsApp is to set a secure PIN on the lock-screen.
  • Your Android: go to the menu Settings > Safety > Screen lock > PIN. Alternatively, you can set a gesture instead of the numeric PIN by going to Settings > Safety > Screen lock > Sequence.
  • Your iPhone: go to the menu Settings > Touch ID and codice > Change codice.
• Disable SMS display on the smartphone lock screen - Another precaution that I invite you to put into practice is that relating to the deactivation of SMS in the lock screen. In this way, in the event that an attacker tries to clone your WhatsApp account using your phone number, he will not be able to view the verification code necessary to use the app as there will be no message on the smartphone lock screen. and access to the phone will be blocked by the PIN, as seen above. Here's how to do it.
  • Your Android: go to the menu Settings > Safety > Screen lock > PIN, set a PIN and choose to hide only sensitive content.
  • Your iPhone: go to the menu Settings > Notifications > Messages and remove the check mark from the option Show in "Lock Screen".
• Check WhatsApp Web and Desktop Sessions - By accessing the section Settings > WhatsApp Web / Desktop of WhatsApp you can check all active sessions of WhatsApp Web and the desktop client for your account. If you notice any suspicious activity, tap immediately Disconnect from all computers and by confirmation execution of the operation. By doing this, all possible "spies" will no longer be able to access WhatsApp Web or the desktop client of the service using your account as to do so they would have to scan the QR code again with your smartphone. By performing this procedure from time to time you can prevent any identity theft through the web and desktop version of the service.
• Enable two-step verification - Recently, WhatsApp allows you to enable two-factor authentication. This is an additional measure to prevent anyone in possession of your SIM from using your WhatsApp account with the associated phone number. To activate it, open the WhatsApp app on your mobile phone and go to Settings > Two-step verification > Enable.
• Use a secure password for your cloud accounts - Considering that many apps, including WhatsApp, synchronize their data with the cloud (Android uses Google's cloud systems and iPhones, Apple's iCloud platform), if someone manages to find out the password to access your accounts, it could easily arrive to your data and, with the implementation of the necessary stratagem, also to WhatsApp backups. Backups, let's be clear right away, should still be illegible without decryption but, as they say, trusting is good but not trusting is always better.
• Be careful who uses your smartphone - It may seem a decidedly trivial suggestion, I know, but for this reason it could be underestimated by most: avoid lending your phone to strangers, keep an eye on what any acquaintances / friends do with your phone and do not leave your mobile phone unattended in the public places. Also in this way it is possible to avoid the possible implementation of practices to spy on WhatsApp of another number.

Spy app

There are numerous applications designed to spy on Android phones (if you remember well, I talked about it in depth in my article on how to spy on Android phones) and there are also various software that allow you to monitor, control and locate smartphones from a distance. These are undoubtedly tools that can be exploited by malicious people to spy on another number's WhatsAp.

Many of these resources are free and can be easily hidden, meaning that they do not appear on the phone's home screen or on the screen with the list of all the apps installed on the device.

How to defend yourself

Even the installation of spy applications requires physical access to the victim's mobile phone, this is a fact. By virtue of this, the advice I can give is to stick to the suggestions I have already given you in the previous lines. In addition, you may want to take a look at the list of applications installed on your smartphone from time to time and see if there is anything suspicious.

• Your Android: to view the complete list of apps installed on Android you have to go to the menu Settings > App and select the tab All.
• iPhone: to view the list of applications installed on the iPhone you have to go to the menu Settings > Generali > Space on your device and iCloud > Manage space (at Device space).

On Android, another signal that can indicate the presence of spy apps on the device is the addition of new applications to the list of device administrators. Go therefore to the settings smartphone, presses on Safety and select the item Device administrators from the screen that is shown to you. Then check that in the list of apps that manage Android everything is in order. If not, remove the check mark from the "offending" application and uninstall it by looking for it in the list of Android apps.

If, on the other hand, you are afraid that someone has installed a spy app on your device but you are unable to view it, the only and most drastic solution is to format the phone by deleting all its contents. To find out how, check out my tutorial on how to format Android.

As for iPhones, if you have a device jailbroken you can try to identify spy applications by typing the code * 12345 in the dialer or trying to connect to addresses localhost: 8888 e localhost: 4444 from the browser. If there are spy apps installed on your device, most likely by doing this you will be able to access the real management panel and disable them.

Also I advise you to open Cydia and to carefully check the list of all the packages installed on the device: if you notice something strange, proceed with the removal of the relative package.

Even in the case of iPhones, if you are afraid that something may have installed a spy app but you can't locate it, you just have to do a complete reset of the device. If you don't know how to do it, you can read my article on how to resect iPhone to find out what steps you need to take.