Beware, New WhatsApp Security Flaw Can Let Hackers Suspend Your Account Permanently!

If you are someone who connects with their friends, family and colleagues via WhatsApp, then beware!

A glaring new vulnerability has been found in the Facebook-owned messaging platform’s security, one that a threat actor can easily leverage to suspend your WhatsApp account, leaving you with no possible recourse. But that’s not all.

To make things worse, there is no solution available for this issue as of now. So, how can this newly discovered security flaw be exploited? Let’s find out.

The attacker first installs the WhatsApp app on a new device and enters the victim’s phone number to activate the chat and other related services. Next, they face WhatsApp’s 2-FA authentication system, which sends login prompts to the victim’s actual phone instead.

Finally, after multiple failed attempts, the login gets locked for 12 hours straight. This is where the tricky part begins.

With the victim’s official WhatsApp account locked, the malicious threat actor goes on to send a support message to the app from their email address claiming that he/she is the victim who has lost the device and thus the account associated with the number needs to be deactivated. After receiving the email, WhatsApp proceeds to verify the claim with a reply email and suspends the victim’s account without asking for any further inputs.

This dubious process can be repeated several times by an attacker to create a semi-permanent lock on the victim’s account. But thankfully, it is not something that is currently prevalent.

Luis Márquez Carpintero and Ernesto Canales Pereña reported the attack as a ‘proof-of-concept’ to display WhatsApp’s vulnerability. The result, as discussed above, is quite disturbing and devastating. However, the only silver lining here is that a threat actor cannot use this method to gain access to a victim’s account. No confidential text messages or contact information gets exposed in the process. The attacker can only block access to WhatsApp for the account’s legitimate owner.

When asked to comment on this vulnerability’s existence, WhatsApp responded quite evasively and didn’t indicate that they are working to resolve this security flaw.

A company representative said that the hypothetical scenario can be easily avoided if one provides an email address with their 2FA authentication credentials.

Furthermore, he added that exploiting the said vulnerability is a violation of WhatsApp’s terms of service. But will an actual threat actor take that into account? Probably not, as one can do so anonymously with the help of a throwaway email.
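The weak point in the flow described above is that a deactivation email from an unknown address is acted on right after a forced verification lockout. The sketch below is an added example, not WhatsApp's code or anything from the researchers: the `Account` and `DeactivationRequest` records, the `review` function and the sample values are all hypothetical. It shows how a support pipeline could gate such requests on the email registered with 2FA and on the 12-hour lockout window.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Tuple

LOCKOUT_WINDOW = timedelta(hours=12)  # login lock duration given in the article


@dataclass
class Account:                                # hypothetical account record
    phone: str
    recovery_email: Optional[str]             # email registered alongside 2FA, if any
    last_lockout: Optional[datetime] = None   # last lock caused by failed code attempts


@dataclass
class DeactivationRequest:                    # hypothetical "lost phone" support email
    phone: str
    sender: str
    received: datetime


def review(acct: Account, req: DeactivationRequest) -> Tuple[str, str]:
    """Return (decision, reason); decision is deactivate, challenge or reject."""
    if req.phone != acct.phone:
        return "reject", "request is for a different number"
    known = (acct.recovery_email is not None
             and req.sender.strip().lower() == acct.recovery_email.strip().lower())
    after_lockout = (acct.last_lockout is not None
                     and timedelta(0) <= req.received - acct.last_lockout <= LOCKOUT_WINDOW)
    if not known and after_lockout:
        # The sequence the article describes: forced lock, then an unknown mailbox.
        return "reject", "unknown sender right after a verification lockout"
    if known and not after_lockout:
        return "deactivate", "sender is the email on file"
    # Anything else: confirm with the owner over a channel already bound to the
    # account (email on file or the registered device) before acting.
    return "challenge", "needs confirmation from the owner"


if __name__ == "__main__":
    t0 = datetime(2021, 4, 12, 9, 0)          # constructed sample data
    victim = Account("+10000000000", None, last_lockout=t0)
    mail = DeactivationRequest("+10000000000", "throwaway@example.test",
                               t0 + timedelta(hours=1))
    print(review(victim, mail))
```

Matching the sender address is only a first filter, since a From header can be forged; the `challenge` path is where the owner's confirmation is actually collected.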

All in all, it seems that it is upon the users to look out for themselves after the company shared its less-than-satisfactory response. Maybe, Facebook, WhatsApp’s parent company, will look into it once Zuckerberg gets hit by the same attack, similar to how his contact details surfaced in the recent Facebook data breach. We will keep you updated on all future developments. Until then, stay tuned.
