Remote Attackers Will be Able to Deactivate Your WhatsApp Account Now

Do you use Whatsapp? Stay on guard against the remote attackers…learn more…

Wednesday, 14th April 2021

An unpleasant surprise was in store for WhatsApp’s 2 billion users when a mind-boggling security risk surrounding it, came to the forefront. As per the new findings, a remote attacker will now have the ability to quite simply deactivate your account with the help of just your phone number. They can then prevent you from getting back into your WhatsApp account.

The defect discovered by security researchers is believed to have existed on the platform for quite a while now. Even the two-factor authentication is not going to help stop this.

This vulnerability on the instant messaging app was discovered by security researchers Luis Márquez Carpintero and Ernesto Canales Pereña, who inferred that the flaw exists where it does primarily due to two fundamental weaknesses.

By virtue of the first weakness, the attacker finds an entryway into your phone number on WhatsApp installed on their own devices. This, however, will not enable them to sign in, unless they obtain the six-digit registration code that you will get on your phone. Thus they will not get immediate access to your WhatsApp account.

Also Read: Google Dislodged Rumours and Said the Pixel 5a 5G Will be Launched in US and Japan.

After repeated failed attempts at signing in using your phone number, code entries on WhatsApp installed on the attacker's phone will also be blocked for 12 hours.

However, even though the attacker will not be able to go on repeating the sign-in process with the help of your phone number, they will be able to contact WhatsApp support to deactivate your phone number from the app.

All they need is a new email address and regular mail that will say that the phone has been stolen or lost. WhatsApp in turn will respond to that email and ask for a confirmation that can be instantly provided from the attacker’s end.

This in turn will deactivate your WhatsApp account which entails that you will not be able to access the instant messaging app on your phone any longer. Moreover, since the account has been seemingly deactivated through the email sent by the attacker, you will not be able to avoid that deactivation by using 2FA on your WhatsApp account.

Unlike a regular deactivation case where you can activate your WhatsApp account back by verifying your phone number, here this will not be possible.

In this case, if the attacker has already locked the verification process for 12 hours after making repeated failed attempts to sign in to your WhatsApp account, it means that you'll also be restricted from getting a new registration code on your phone number for that duration of time.

There has been no comment from WhatsApp on whether it is fixing the vulnerability.

The News Talkie Bureau

Source:

Gadgets NDTV