According to the Forbes report published by security researchers Luis Marquez Carpintero and Ernesto Canales Perenya, the new vulnerabilities in the instant messaging app appear to have existed for a long time.
In addition, even if you have two-factor authentication enabled, an attacker can prevent you from reactivating your account.
According to the report, the vulnerability rests on two basic flaws:
The first flaw allows an attacker to enter your phone number into WhatsApp. The attacker may use your phone number to log in to your account.
The attacker still will not receive the six-digit security code sent to your phone via SMS, but they can repeatedly enter a wrong security code and so prevent your account from being set up again for 12 hours.
At the same time, the attacker can take advantage of the second basic weakness: they can contact WhatsApp support and request that your number be permanently deactivated.
All the attacker has to do is convince WhatsApp that your phone number is indeed theirs by writing an email from a new email ID stating that "your" phone has been lost or stolen.
By exploiting the vulnerability, an attacker can easily deactivate your WhatsApp account.
If your account is temporarily suspended, you can lift the suspension at any time by verifying your phone number.
However, if multiple login attempts have been made following the steps above and new login attempts are blocked, this method will not work.
After several attempts to reset the account, WhatsApp will block the user.
Once an attacker exploits this vulnerability, he will simply identify his login attempt as a third party trying to gain access.
This effectively convinces WhatsApp that you are an attacker trying to gain access.
"Providing two-step verification for your email will help our customer support team to help people when they encounter this minor issue.
The researcher identified a personal violation. We recommend that anyone who needs help email our support team so that we can investigate."
This shows that users can protect themselves from this attack vector by linking their WhatsApp account to their email ID.
WhatsApp has not said whether the company will try to close this gap. In the meantime, it is best to associate your email ID with your account.