• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.
  • The forums have been upgraded with support for dark mode. By default it will follow the setting on your system/browser. You may override it by scrolling to the end of the page and clicking the gears icon.

Help with possible hacking on WA that I cannot determine

LAtEd

New Member
Joined
May 31, 2024
Messages
1 (0.00/day)
Good morning. This is going to sound VERY strange but I need to know if what I have to say is possible. It has to do with WhatsApp.

My Dad is going through a nasty divorce and he does NOT want his new wife to know that he tells me everything...we are very close. He wants to keep the peace as much as possible between them as she is violent and just plain nasty.

Anyway, a little while ago I saw that on our messages on WA there is the little icon to say that messages will automatically delete. I asked him about it and he said he doesn't know, I talked him through how to get rid of it, he says it won't change. That isn't an issue though because he doesn't want her seeing our conversations so deletes many anyway.

BUT, last night he emailed me to say that his wife has received several forwarded WA with only our conversations forwarded. When she calls the number (which he asked her to do) it says it doesn't exist...which to me sounds like it is computer generated.

What I want to know is is it possible that she has set something up on his phone to forward our messages to her using some Spyware or Malware or whatever (don't know much about Apps such as that or Spyware in general). I find it so odd that it is ONLY our chats she has received via forwarding, that SHE gets the forwarded messages, and that it is from a number that doesn't exist. FYI, noone else knows about the divorce yet so I don't know who would, or could, possibly orchestrate something like this.

Please please please can you tell me if something like this is possible, and if so, how he can go about deleting whatever is set up to intercept messages.

He tells me everything about how she treats him and how violent she is. He holds nothing back from me but tells absolutely noone else in case anything gets back to her...which it is now doing.

I am desperate to help him here. Please can someone help me?

Thank you
Lauren
 
Good morning. This is going to sound VERY strange but I need to know if what I have to say is possible. It has to do with WhatsApp.
Let me start by saying, yes this is possible.

My Dad is going through a nasty divorce and he does NOT want his new wife to know that he tells me everything...we are very close. He wants to keep the peace as much as possible between them as she is violent and just plain nasty.
Who is the violent one? Nasty divorce and new wife contradicts the rest of this quote. I hope the violent one is the one involved in the divorce. I will assume there is a typo here, instead of a massive red flag.

Anyway, a little while ago I saw that on our messages on WA there is the little icon to say that messages will automatically delete. I asked him about it and he said he doesn't know, I talked him through how to get rid of it, he says it won't change. That isn't an issue though because he doesn't want her seeing our conversations so deletes many anyway.
Just to confirm: Press the three dots in the top right corner of the main screen - Settings - Privacy in the app will let you change the default setting for disappearing messages. In an existing chat you can click the three dots in the top right corner to change the disappearing messages setting for that specific chat thread. I use the Android app, so no idea if this is identical in the iOS app if he got an Apple device.
You should also protect WA with a pin code and biometrics to prevent others from snooping, making the need to delete messages less important in theory.

BUT, last night he emailed me to say that his wife has received several forwarded WA with only our conversations forwarded. When she calls the number (which he asked her to do) it says it doesn't exist...which to me sounds like it is computer generated.
I am not sure if you can spoof a sender number in WA. It used to be possible to register a WA account then cancel that number. Someone I knew a few years ago moved to a different country, but their WA was still registered on their old phone number for a long time after they cancelled that number. Just don't get logged out so you need to reauthenticate your number. I can't say for sure if that is still possible.

For normal calls, not VoIP calls like in WA, it is possible to trick callers into thinking your number does not exist by forwarding calls to a non-existing number. At least the last time I checked, this was still possible. But then they send you a message and those ignore forwarding. Anywho, let us step away from that rabbit hole.

Honestly, do not get hung up on these technical details. You should focus on removing access to his messages in the first place. Not where they came from after the fact imho.

What I want to know is is it possible that she has set something up on his phone to forward our messages to her using some Spyware or Malware or whatever (don't know much about Apps such as that or Spyware in general). I find it so odd that it is ONLY our chats she has received via forwarding, that SHE gets the forwarded messages, and that it is from a number that doesn't exist. FYI, noone else knows about the divorce yet so I don't know who would, or could, possibly orchestrate something like this.
Does/did his old spouse have access to his phone? Does she know his pin code or passwords? With access to his phone there are a number of ways (usually an app) to spy on a phone. I have not looked into this before, but it also appears that WA recently added support for multiple devices on the same account. Therefore it is possible that another device have access to the same account simply by being logged in.

For this next part I am basically guessing. It should, in theory, be possible to gain access to WA messages through phone backups. Assuming WA saves a backup of messages there and your fathers account is compromised.

Please please please can you tell me if something like this is possible, and if so, how he can go about deleting whatever is set up to intercept messages.
I can't actually tell you how these messages were intercepted. I would need access to his phone to do a more detailed job and we both know that is not happening.

But I will say these basic rules apply:
- Look in appstore history, see if there are any weird apps being installed. Look for apps in the app folder and on the home screen that are unknown or blank icons.
- Change passwords/pin codes everywhere. Email, Apple/Google account, Facebook, whatever your father use. Change the pin code on the phone and delete all stored faces and/or fingerprints then save new "copies". If possible you can go one step further and factory reset the phone.
- Check for duplicate logins on his computer/tablet/other devices.
- Protect his WA app with a pin code and biometrics.
- Check with his phone company if there are any indication of a cloned SIM card

Get his phone/computer/tablet checked out by a professional security expert if you want to take this up a notch.

These suggestions are by no means a complete list. And remember I am just some stranger on the internet that claim to know stuff.

He tells me everything about how she treats him and how violent she is. He holds nothing back from me but tells absolutely noone else in case anything gets back to her...which it is now doing.

I am desperate to help him here. Please can someone help me?

Thank you
Lauren
What I would strongly advice is to use a better (more secure) app than WA for this type of communication. Signal for example.

Because I would personally never trust Meta (Owner of Facebook, Instagram, Whatsapp, and more) to keep my very important communication secure.
 
Let’s try to keep this technical.
 
Unless things have changed, you can verify the whatsapp chat encryption by comparing eachothers chat encryption
qr codes (or associated codes). If your two codes are different, you could be communicating with someone in the middle.

Theoretically, I think you can just start a new chat, make sure the end to end encryption codes match from the start, and then you should be safe for the rest of that chat. From there it shouldn't be possible for someone to directly start intercepting messages in the middle of the conversation, but I don't know if they have dumbed it down and made it less secure at some point and this is no longer true.
 
Back
Top