News

Your WhatsApp Account Can Be Suspended by Anyone Who Has Your Phone Number

In recent news, a loophole in WhatsApp has been determined where an attacker can completely suspend a user’s WhatsApp account where all is needed is the user’s phone number. Presently, there is no known solution for the issue.

This newly-discovered flaw primarily uses two separate vectors where the attacker installs WhatsApp on a new device and ends up entering your number to activate the respective chat service. Due to the two-factor authentication system, the attacker can not verify as the system sends the logic prompts to your phone. Once the attacker has attempted to login in multiple times and fails, your own login will be locked for the next 12 hours.

With the user’s account locked, the attacker can send a support message to WhatsApp from their email address where they claim your account as their own and inform WhatsApp that your phone had been lost or stolen and the WhatsApp account associated needs to be deactivated. The service then verifies this with an email reply and ends up suspending your own account. The attacker repeats this process to ensure that your account is permanently deactivated.

Image source: Forbes

This attack was initially determined by security researchers Luis Márquez Carpintero and Ernesto Canales Pereña who had properly tested the method. At the end of the day, the results were disturbing though it is to be noted that this method can’t be used to actually gain access to an account, merely to block access by its legitimate owner. Confidential text messages and contacts are not exposed.

Currently, WhatsApp is working out a solution to fix this loophole until then one of their representatives suggested that providing an email address with your two-factor authentication credentials can help avoid this hypothetical scenario.

Sponsored
Usman Aslam

A tech enthusiast, writer, researcher and strategist working on the latest technologies and making an impact. Usman has been heavily focused on building communities, empowering people through technological trends and advancements for over 3+ years including many notable names such as IEEE Region 10, TEDx, Google Developers, United Nations Programmes, Microsoft Partner Program and much more. Reach out: usman.aslam@techjuice.pk

Leave a Comment
Share
Published by
Usman Aslam

Recent Posts

Microsoft Launches AI-Powered “Support Virtual Agent” for Xbox Users

Microsoft has launched its AI-powered “Support Virtual Agent” chatbot for Xbox Insiders in the U.S.,…

8 hours ago

Musk Says Tesla Won’t Enter Smartphone Market Unless Necessary

Android Authority recently polled its users to find out if they would purchase a Tesla…

8 hours ago

Sukkur IBA Sets Seven Conditions for Conducting MDCAT

The Secretary of the Sukkur IBA Testing Agency has formally requested urgent action from the…

9 hours ago

PSEB Opens Bidding for Nationwide e-Rozgar Centers

The Pakistan Software Export Board (PSEB) has launched a nationwide program to encourage IT startups…

9 hours ago

Google Play Services Bug Disrupts Access to Apps for Pixel Users: Here’s How to Fix It

A significant issue with Google Play Services has left many Pixel users unable to access…

9 hours ago

WhatsApp Beta Partners with Google for Innovative Image Search Feature

When it comes to Android messaging apps, WhatsApp stands out as one of the best.…

10 hours ago