Anyone with your phone number can suspend your WhatsApp account

Recent reports reveal that an intruder can get a user's WhatsApp account suspended, and the user's phone number is all that is required. There is currently no proven solution to the problem.

This newly found vulnerability uses two different vectors. In the first, the attacker installs WhatsApp on a new computer and tries to sign in with your phone number. The intruder cannot see the login prompts sent to your phone, because of the two-factor authentication scheme, so each attempt fails. After the intruder has failed to log in enough times, your own login is disabled for 12 hours.

Once you are locked out of your account, the intruder sends a help message via e-mail to WhatsApp, stating that the account has been lost or hacked and that the linked WhatsApp account needs to be disabled. The service handles this request via e-mail, and the result is that your own account is suspended. The attacker repeats this procedure to ensure the account is completely disabled.

This attack was first identified by security researchers Luis Márquez Carpintero and Ernesto Canales Pereña, who verified the method. The findings are disturbing, but it should be remembered that this approach can't be used to gain entry to an account, merely to block access by its rightful owner. Confidential text messages and addresses are not revealed.

WhatsApp is currently working out a way to close this loophole. Until then, one of its representatives indicated that providing an email address with the two-factor verification credentials would help prevent this hypothetical situation.
