Beware, New WhatsApp Security Flaw Can Let Hackers Suspend Your Account Permanently!

If you are someone who connects with their friends, family and colleagues via WhatsApp, then beware!

A glaring new vulnerability has been found in the security of the Facebook-owned messaging platform, one that a threat actor can easily leverage to suspend your WhatsApp account entirely, with no possible recourse. But that’s not all.

To make things worse, there is no possible solution available for this issue as of now. So, how can this newly discovered security flaw be exploited? Let’s find out.

The attacker first installs the WhatsApp app on a new device and enters the victim’s phone number to activate the chat and other related services. Next, they face WhatsApp’s 2FA system, which sends login prompts to the victim’s actual phone instead.

After multiple failed attempts, the login gets locked for 12 hours straight, and this is where the tricky part begins.

With the victim’s official WhatsApp account locked, the threat actor goes on to send a support message to the app from their own email address, claiming to be the victim who has lost the device and asking that the account associated with the number be deactivated. After receiving the email, WhatsApp proceeds to verify the claim with a reply email and suspends the victim’s account without asking for any further inputs.

This dubious process can be repeated several times by an attacker to create a semi-permanent lock on the victim’s account. But thankfully, it is not something that is currently prevalent.

Luis Márquez Carpintero and Ernesto Canales Pereña reported the attack as a ‘proof-of-concept’ to display WhatsApp’s vulnerability. The result, as discussed above, is quite disturbing and devastating. However, the only silver lining here is that a threat actor cannot use this method to gain access to a victim’s account. No confidential text messages or contact information gets exposed in the process. The attacker can only block access to WhatsApp for the account’s legitimate owner.

When asked to comment on this vulnerability’s existence, WhatsApp responded quite evasively and didn’t indicate that it is working to resolve this security flaw.

A company representative said that the hypothetical scenario can be easily avoided if one provides an email address with their 2FA authentication credentials.

Furthermore, he added that exploiting the said vulnerability is a violation of WhatsApp’s terms of service. But will an actual threat actor take that into account? Probably not, as one can do so anonymously with the help of a throwaway email.

All in all, it seems that it is up to the users to look out for themselves after the company shared its less-than-satisfactory response. Maybe Facebook, WhatsApp’s parent company, will look into it once Zuckerberg gets hit by the same attack, similar to how his contact details surfaced in the recent Facebook data breach. We will keep you updated on all future developments. Until then, stay tuned.
