Here’s how a WhatsApp flaw allows anyone to temporarily suspend your account


A flaw discovered last weekend can get a user’s WhatsApp account completely suspended for hours on end without any easy solution for those affected by such an attack. — Icons vector created by Vectorium - www.freepik.com

WhatsApp is the most widely used encrypted messenger service used around the world, which means that it also receives a fairly large amount of attention from hackers and attackers trying to find loopholes and security flaws in the service.

One such flaw that was discovered last weekend can get a user’s WhatsApp account completely suspended for hours on end without any easy solution for those affected by such an attack.

Discovered by security researchers Luis Márquez Carpintero and Ernesto Canales Pereña, the attack can be used by a malicious actor to lock you out of your account, according to Forbes. In this case, it could be an estranged partner, a troll or an attacker who simply wants to lock you out of your account for an extended period. Once locked out of your account, there is no easy or immediate way to regain access to your account.

The attack itself is quite straightforward. An attacker downloads the WhatsApp app on a device and enters your phone number and taps the Verify button. Now they don’t actually have your SIM card, so you’ll begin receiving the verification codes instead of them. But since they don’t actually want to gain access to your account, they don’t want the code. Instead, the attackers make multiple failed attempts, retrying the login process until you are unable to request more codes for half a day.

At this point, you still have access to the WhatsApp service on your current smartphone, so the attacker emails WhatsApp support and asks for your (the target’s) number to be deactivated as the device has been stolen – WhatsApp will reply to that email to confirm, and just like that, your WhatsApp account is suspended.

According to WhatsApp, providing your email address with your six-digit two-factor authentication code could mitigate the issue, but that means sharing another piece of personal information with WhatsApp. – Hindustan Times, New Delhi/Tribune News Service

Article type: free
User access status:
   

Next In Tech News

EU court scraps Amazon's $303 million EU tax order
Mobile users unhappy with lack of dedicated 5G apps, services - Ericsson
Computer game helps health workers combat Covid spread
EU court to decide on Amazon tax appeal
New US electric car chargers are a green leap of faith
Saifuddin: Free calls to all mobile networks from tonight till 10am on first day of Raya
Penang physiologist makes ends meet as Foodpanda cyclist
U.S. removes Xiaomi from government blacklist, parties to resolve litigation
Ericsson to pay $97 million to Nokia for after settling damages claim
Delivery app Glovo’s customer data for sale on dark web

Stories You'll Enjoy


Vouchers