All WhatsApp users should beware of a new WhatsApp security flaw that allows anyone to deactivate your account using only your phone number. The attacker needs no other information about the user. With this flaw the attacker can block your account but does not gain any access to it.
Hackers Only Need a Phone Number to Block Your WhatsApp Account
The security researchers Luis Marquez Carpintero and Ernesto Canales Perena first discovered the flaw in the popular messaging app. According to the researchers, the attacker first installs the app on their own phone and tries to log in using the victim’s phone number.
When they try to log in, WhatsApp sends the two-factor authentication code to the victim, not to the attacker. The attacker never receives the code but keeps repeating the process, and after enough failed attempts WhatsApp disables the login process for 12 hours. During that period even the victim cannot log in to their own account.
Since the attacker cannot get anywhere by logging in, they then send an email to WhatsApp. In the email they claim that the phone number (the victim’s phone number) has been lost or stolen and that the account needs to be deactivated. WhatsApp acts on the request without cross-checking it and suspends your account. If the process is repeated, WhatsApp might permanently lock your account.
ESET’s Jake Moore said:
“There is no way of opting out of being discovered on WhatsApp. Anyone can type in a phone number to locate the associated account if it exists. Ideally, a move towards being more privacy-focused would help protect users from this, as well as forcing people to implement a two-step verification PIN.”
Regarding the WhatsApp security flaw, a spokesperson told Forbes that giving an email address with two-step verification helps the customer service team avoid this scenario, but WhatsApp still has responsibility.
At present, there is no solution to this security flaw, and WhatsApp has not provided any details on whether it is working on a fix.
WhatsApp is one of the most popular apps, with a huge user base of billions of users globally. At this moment, many users have not registered an email address with their accounts.