Compromised Phone through WhatsApp call?

[6CRqSy]

[Device: iPhone 15Pro, little bit out of date OS (17.3.1), current WhatsApp]

Hi,

I recently got a call from a foreign phone number on WhatsApp. I answerd the call though they immediately hung up. I realized later that the number came from Cuba, where I have never been. (I also may have accidentally called them back instead of pressing the info button afterwards, hung up immediately though).

 

I am now curious if any WhatsApp Phone Call could compromise/hack an iPhone. Through googling, I found out that there were high level cases in the past, though I probably would never be targeted that hard.

If not I wonder why someone would do something like this, I am aware of these "call and hope they call back" scams, though they wouldn't work on WhatsApp. Of course, it could have been an accident, though as the profile picture of the caller changed drastically an hour later, I assume it's more likely not to be totally legitimate.

 

I am a bit worried if the phone could have gotten malware or so (especially as my OS was out of date for a few weeks, now fixed)...

 

[da na]

Likely just a normal spam call, or maybe misdial. You won't get a virus from it; you'd have to actually receive a file for that to happen and files can't be sent over a phone call. (Unless you've got a 56K modem plugged into your iphone.)

[Mark Kaine]

33 minutes ago, da na said:

Likely just a normal spam call, or maybe misdial. You won't get a virus from it; you'd have to actually receive a file for that to happen and files can't be sent over a phone call. (Unless you've got a 56K modem plugged into your iphone.)

well theoretically a phone call on whosstillusingthispos whatsapp could transmit whatever,  its just data, right?  (remember some other exploit where it was unusual signs and letters, think also apple, through text messages)

[6CRqSy]

Hmm, I mean, there is this: https://www.wired.com/story/whatsapp-hack-phone-call-voip-buffer-overflow/, soooo theoretically there at least was a possibility...

 

I would have assumed that this would be a quite sophisticated hack (last time it was seemingly something by the NSO Group) and therefore nothing that someone would waste on me. The thing is, I don't get why someone would try a spam call and then just hang up. I mean, they actually had me on the phone, so why not do what you want to do?

 

Of course it could have been a mistype, though the account has an extremely generic profile picture that changed soon after the call (it is now a different person).

[Kilrah]

Extremely unlikely, exploits are worth much and simple phishing works on enough people so that's usually what it is. If you hadn't hung up you'd probably have gotten someone who tried to convince you to send money somewhere for some reason they'd hope you believed was legitimate.

[6CRqSy]

Just now, Kilrah said:

If you hadn't hung up

The thing is, it wasn't me, they hung up immediately (WhatApp says 1 second of call time), that is what makes it so suspicious to me...

 

3 minutes ago, Kilrah said:

Extremely unlikely

Yeah, I hope so, I am thinking of resetting my phone, though this would be an enormous amount of work that I do not want to do...

[Kilrah]

3 minutes ago, 6CRqSy said:

The thing is, it wasn't me, they hung up immediately (WhatApp says 1 second of call time), that is what makes it so suspicious to me...

 

So yeah they hope you're going to call back.

[seanondemand]

Are you an investigative journalist chasing stories about dictators? Assuming no, don’t stress. Hackers aren’t going to waste zero-days on small fish.

[6CRqSy]

Thank you all for your replies, yeah I guess I'll just hope that it is nothing for now

 

11 hours ago, Kilrah said:

So yeah they hope you're going to call back.

Ohh now I understand...

The thing that bothers me though is that I really don't understand what they would achieve with me calling back instead of they calling me, and they had me answer the phone, though it probably will remain a mystery as none of us will be able to answer this...

 

I do have one last question: Would you report that account? I do not want to get someone into trouble when there is a chance that it could have been just an accident... I do have no proof that it is malicious after all...

 

Thanks again

[Kilrah]

5 hours ago, 6CRqSy said:

The thing that bothers me though is that I really don't understand what they would achieve with me calling back instead of they calling me, and they had me answer the phone, though it probably will remain a mystery as none of us will be able to answer this...

Probably a "filter" just like most scam emails are deliberately easy to spot, talking with someone who'd understand it's a scam after a while would just be a waste of their time, they're better off trying more people during that time. If you're not seeing the obvious signs or call back there's more of a chance you'll bite.

 

5 hours ago, 6CRqSy said:

Would you report that account? I do not want to get someone into trouble when there is a chance that it could have been just an accident... I do have no proof that it is malicious after all...

Yup, whatsapp and co won't ban an account based off a single report so if it was a genuine mistake it wouldn't get them in trouble, they only would if they got a number of reports.