A new vulnerability has been spotted that lets an attacker get anyone’s WhatsApp account deactivated remotely.
What is scary about this WhatsApp vulnerability is that not even the two-factor authentication (2FA) security feature protects against it.
Forbes reports that this new vulnerability involves two WhatsApp processes that appear to have a “fundamental weakness”.
According to the magazine, the attacker can easily exploit these two weaknesses to get the victim’s account suspended from the instant messaging app.
The flaw was discovered by security researchers Luis Márquez Carpintero and Ernesto Canales Pereña, who revealed that it’s really easy to get a person’s WhatsApp account blocked.
How it works:
The hacker first attempts to install WhatsApp on their phone using your number. However, they are not able to register on the app with your number, as they need a six-digit registration code. So the hacker makes multiple attempts to sign in using random registration codes, after which WhatsApp blocks code entries on the app installed on the hacker’s phone for 12 hours straight.
Now, you might say to yourself, ‘okay that doesn’t sound too bad to me!’. But, here’s where it gets tricky.
The hacker now contacts WhatsApp customer support via email, stating that their phone has been stolen and that they want the WhatsApp account registered with ‘your’ number deactivated.
Now, there’s no way for WhatsApp to know whether the email is really from you or someone else, and this is the weakness that hackers can easily exploit.
As reported by Forbes, there are no questions asked to confirm your ownership of the number. An automated process gets triggered and your account will be deactivated.
According to a WhatsApp spokesperson, “providing an email address with your two-step verification helps our customer service team assist people should they ever encounter this unlikely problem. The circumstances identified by this researcher would violate our terms of service and we encourage anyone who needs help to email our support team so we can investigate”.
But WhatsApp hasn’t revealed whether it is going to do something about these flaws, which are open to abuse.