According to reports, a recent WhatsApp vulnerability allows attackers to remotely suspend your account using only your phone number. The vulnerability appears to have existed in the instant messaging app for a long time, according to a Forbes study by security researchers Luis Márquez Carpintero and Ernesto Canales Perea. Furthermore, even if you have two-factor authentication enabled, it allows attackers to prevent you from accessing your account again.
According to the study, the vulnerability is caused by two fundamental flaws. The first flaw allows attackers to enter your phone number into a WhatsApp installation on their own phone. The intruder will then start logging into your account using your phone number.
Although the intruder will not be able to access the six-digit security code sent to you via SMS, he or she will be able to repeatedly enter incorrect security codes, causing your account to be locked against new installations for 12 hours.
Meanwhile, the attacker will take advantage of the second fundamental flaw by contacting WhatsApp’s customer service and requesting that your number be permanently deactivated. To persuade WhatsApp that your number is really his or hers, the intruder simply needs to send an email from a new email address claiming that ‘their’ phone has been lost or stolen.
“There is no way of opting out of being discovered on WhatsApp. Anyone can type in a phone number to locate the associated account if it exists. Ideally, a move towards being more privacy focused would help protect users from this, as well as forcing people to implement a two-step verification PIN,” ESET’s Jake Moore told Forbes.
He also cautioned that if WhatsApp does not improve its security or implement a more rigorous system, millions of users may be hit by this attack.
“Providing an email address with your two-step verification helps our customer service team assist people should they ever encounter this unlikely problem,” a WhatsApp spokesperson told Forbes in response to the latest security vulnerabilities. “The circumstances identified by this researcher would violate our terms of service, and we encourage anyone who needs help to email our support team, so we can investigate.”