advertisement
Instant messaging platform WhatsApp is reportedly found to have a vulnerability which can allow a cyber attacker to suspend your account using your phone number.
According to security researchers Luis Márquez Carpintero and Ernesto Canales Pereña, the flaw exists on the instant messaging app due which a large number of people might be affected, as a cyber attacker can deactivate your WhatsApp and then restrict you from re-activating it.
Shockingly, the vulnerability can be exploited even if you have enabled two-factor authentication (2FA) for your WhatsApp account.
An attacker downloads the WhatsApp app, enters your phone number on the registration page and clicks on the ‘verify’ button. Now, since the attacker does not have your sim card you will start receiving OTPs on your mobile device.
The attacker does not require an OTP to suspend your account. Instead, the attacker makes multiple failed attempts until WhatsApp bans OTP verification codes for 12 hours.
Now, the attacker emails WhatsApp support and asks them to deactivate your account. As per the researchers, WhatsApp will reply to that email to confirm, and just like that, your WhatsApp account will be suspended.
A WhatsApp spokesperson told Gadgets 360 that users should register for two-step verification, which will help them avoid the problem of getting their accounts deactivated by attackers.
“Providing an email address with your two-step verification helps our customer service team assist people should they ever encounter this unlikely problem. The circumstances identified by this researcher would violate our terms of service and we encourage anyone who needs help to email our support team so we can investigate,” the spokesperson said.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)