New WhatsApp flaw uses your own phone number against you
Well here is some news from another app having a security issue. According to Android Authority, a new WhatsApp vulnerability can allow attackers to suspend your account. Ironically, these attackers can use your own phone number to suspend your account. This news comes from researchers who found the loophole.
If you receive two-factor authentication that you didn’t expect, be careful. If this happens, an attacker may be trying to close your account. Forbes (Going through Android Police) reports that security researchers Luiz Márquez and Ernesto Canales Pereña have discovered the flaw that allows attackers to suspend your account. It’s scary because they only need your phone number.
The attacker will incorrectly ask and guess multiple two-factor SMS codes. Once this happens, WhatsApp locks the connections on the device for 12 hours. Once this happens, attackers will register a new email address and send an email to the support team asking them to deactivate the old number. They ask this and say the old number needs to be deactivated due to a lost or stolen account.
In this case, WhatsApp automatically deactivates the number without verifying the authenticity of the request. However, you could find yourself locked out and not be wiser.
New WhatsApp flaw allows attackers to use your own phone number against you
It is not a lost cause if you are locked out. You can recover your account after a 12 hour window has expired. However, if the attacker wants to be mean, he can redo the process two more times.
The third time, if they send an email to WhatsApp, your account will be locked and you will be forced to contact WhatsApp yourself.
The good news is, you probably won’t see this attack happening often. But despite this, WhatsApp still hasn’t discussed a potential solution to Forbes. However, the company recommends that users provide an email address with two-factor authentication.
This will help customer support if the user experiences this “unlikely problem”. If anyone attempts to carry out this attack, it will be a violation of the terms of service according to a spokesperson for WhatsApp.
The good thing is that users probably won’t see this attack. Most attackers want to steal accounts instead of deactivating them. Additionally, users will know something is going on when they receive two-factor authentications that they did not request. If this happens, contact WhatsApp support immediately.
WhatsApp provides the ability to easily find an owner’s phone number by searching for it. However, if someone wants to randomly cause trouble, they can easily get their target’s number.
This raises the question of the security of WhatsApp accounts. Flag is in a similar situation. In this case, their policy allows easy access to a large amount of information.
Hopefully the company will soon find a solution to this flaw. Only time will tell if WhatsApp will make a difference in the future to prevent possible attacks like this.