New WhatsApp Security Flaw Might Allow Attacker to Suspend Your Account
All WhatsApp users should be aware of a new WhatsApp security flaw that allows anyone to deactivate your account using your phone number. The hackers don’t need any information about the user except the phone number. With this flaw, the attacker can block your account but will not gain any access to it.
Hackers Only Need Phone Number to Block Your WhatsApp Account
The security researchers Luis Marquez Carpintero and Ernesto Canales Perena first discovered the flaw in the most popular messaging app. According to the researchers, the hackers first download the app on their phones and try to log in using the victim’s phone number.
However, when they try to log in, WhatsApp sends a two-factor authentication code to the victim. The attacker does not get the code, so he keeps repeating the process, and because of the failed attempts WhatsApp disables the login process for 12 hours. During that period, even the victim can’t log in to their account.
Since the attacker couldn’t do anything by logging in, they now send an email to WhatsApp. In the email, they claim that the phone number (the victim’s phone number) is lost or stolen and that the account needs to be deactivated. Without cross-checking, WhatsApp verifies it and suspends your account. And if the process is repeated, WhatsApp might permanently lock your account.
ESET’s Jake Moore said:
“There is no way of opting out of being discovered on WhatsApp. Anyone can type in a phone number to locate the associated account if it exists. Ideally, a move towards being more privacy focused would help protect users from this, as well as forcing people to implement a two-step verification PIN.”
Regarding the WhatsApp security flaw, a spokesperson told Forbes that giving an email address with two-step verification helps the customer service team to avoid this scenario, but still, WhatsApp has responsibility.
At present, there is no solution to this security flaw, and WhatsApp has not provided any details on whether they are fixing it or not.
WhatsApp is one of the most popular apps, with a huge user base of billions of users globally. At this moment, there are many users who have not registered their accounts with their email addresses.