Disturbing Flaw Discovered In WhatsApp’s Security

  • WhatsApp’s security flaw.
  • How hackers exploit this flaw to suspend your account.
  • How to avoid being a victim of this flaw.

It was recently discovered that a cyber attacker can completely suspend your WhatsApp account using just your phone number, and there is nothing you can do about it yet.

How hackers exploit this flaw to suspend your account

The cyber-criminal installs WhatsApp on a smartphone and enters your number to verify it and activate the account. Of course, they can’t verify it without your SIM card, because the verification code is sent to your phone instead, and also because of the two-factor authentication system. After multiple failed attempts, your login will be locked for 12 hours.

With your account locked, the attacker sends a support message to WhatsApp from their email address, claiming that their (your) phone has been lost or stolen and that the account associated with your number needs to be deactivated. WhatsApp “verifies” this with a reply email, and suspends your account without your knowledge. The attacker can repeat the process several times in succession to create a semi-permanent lock on your account.

As disturbing as this newly discovered method is, it cannot be used to gain access to an account. It simply blocks access for the legitimate owner and causes you great inconvenience. Confidential messages are not exposed through this process.

How to avoid being a victim of this flaw

WhatsApp's owner, Facebook, recently had a data leak in which the personal information of over 500 million users across the globe, including phone numbers, was posted on a website used by hackers. If your number is part of the leak, these criminals can use it to lock you out of your account. Visit haveibeenpwned.com to check whether your data and phone number were leaked.

To avoid being a victim of these sinister activities, avoid giving out your number on social media, where you can be fooled into giving it up, a technique known as social engineering. However, there are many ways a hacker can get hold of your number; they can trick people close to you into giving it to them.

As of now, there is no way to reverse this action and no solution to it. Once a hacker with the intent of hurting you has your phone number, you are in trouble. The attack is a proof-of-concept from a pair of security researchers, Luis Márquez Carpintero and Ernesto Canales Pereña, and was first reported by Forbes.