Beware, New WhatsApp Security Flaw Can Let Hackers Suspend Your Account Permanently!

If you are someone who connects with their friends, family and colleagues via WhatsApp, then beware!

A glaring new vulnerability has been found in the Facebook-owned messaging platform’s security that a threat actor can easily leverage to suspend your WhatsApp account entirely, with no possible recourse. But that’s not all.

To make things worse, there is no solution available for this issue as of now. So, how can this newly discovered security flaw be exploited? Let’s find out.

The attacker first installs the WhatsApp app on a new device and enters the victim’s phone number to activate the chat and other related services. Next, they face WhatsApp’s 2-FA authentication system, which sends login prompts to the victim’s actual phone instead.

After multiple failed attempts, the login gets locked for 12 hours straight. This is where the tricky part begins.

With the victim’s WhatsApp account locked, the threat actor goes on to send a support message to the app from their own email address, claiming to be the victim, that the device has been lost, and that the account associated with the number therefore needs to be deactivated. After receiving the email, WhatsApp proceeds to verify the claim with a reply email and suspends the victim’s account without asking for any further inputs.

An attacker can repeat this process several times to create a semi-permanent lock on the victim’s account. Thankfully, it is not something that is currently prevalent.

Luis Márquez Carpintero and Ernesto Canales Pereña reported the attack as a ‘proof-of-concept’ to demonstrate WhatsApp’s vulnerability. The result, as discussed above, is quite disturbing and devastating. However, the only silver lining here is that a threat actor cannot use this method to gain access to a victim’s account. No confidential text messages or contact information get exposed in the process. The attacker can only block access to WhatsApp for the account’s legitimate owner.

When asked to comment on this vulnerability’s existence, WhatsApp responded quite evasively and did not indicate that it is working to resolve this security flaw.

A company representative said that the hypothetical scenario can be easily avoided if one provides an email address with their 2FA credentials.

Furthermore, he added that exploiting the said vulnerability is a violation of WhatsApp’s terms of service. But will an actual threat actor take that into account? Probably not, as one can do so anonymously with the help of a throwaway email.

All in all, it seems that it is up to the users to look out for themselves after the company shared its less-than-satisfactory response. Maybe Facebook, WhatsApp’s parent company, will look into it once Zuckerberg gets hit by the same attack, similar to how his contact details surfaced in the recent Facebook data breach. We will keep you updated on all future developments. Until then, stay tuned.
