New WhatsApp Vulnerability Could Lock You Out From Your Account
The vulnerability can be exploited even if you have enabled two-factor authentication for your WhatsApp account.
Instant messaging platform WhatsApp is reportedly found to have a vulnerability which can allow a cyber attacker to suspend your account using your phone number.
According to security researchers Luis Márquez Carpintero and Ernesto Canales Pereña, the flaw exists on the instant messaging app due which a large number of people might be affected, as a cyber attacker can deactivate your WhatsApp and then restrict you from re-activating it.
Shockingly, the vulnerability can be exploited even if you have enabled two-factor authentication (2FA) for your WhatsApp account.
How Does This Attack Work?
An attacker downloads the WhatsApp app, enters your phone number on the registration page and clicks on the ‘verify’ button. Now, since the attacker does not have your sim card you will start receiving OTPs on your mobile device.
The attacker does not require an OTP to suspend your account. Instead, the attacker makes multiple failed attempts until WhatsApp bans OTP verification codes for 12 hours.
Now, the attacker emails WhatsApp support and asks them to deactivate your account. As per the researchers, WhatsApp will reply to that email to confirm, and just like that, your WhatsApp account will be suspended.
What Can You Do?
A WhatsApp spokesperson told Gadgets 360 that users should register for two-step verification, which will help them avoid the problem of getting their accounts deactivated by attackers.
“Providing an email address with your two-step verification helps our customer service team assist people should they ever encounter this unlikely problem. The circumstances identified by this researcher would violate our terms of service and we encourage anyone who needs help to email our support team so we can investigate,” the spokesperson said.
(The Quint is available on Telegram. For handpicked stories every day, subscribe to us on Telegram)
Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.