The flaw was discovered by security researchers Luis Márquez Carpintero and Ernesto Canales Perena. In the Forbes report, the researchers said that the problem stems from two basic shortcomings in the app. The first lets an attacker enter your phone number when signing in to WhatsApp on his own phone. This alone does not give the attacker control of your WhatsApp account unless he has access to the 6-digit registration code received on your phone. After many unsuccessful attempts, WhatsApp on the attacker's phone is blocked from entering the code for 12 hours.
At that point the attacker can no longer repeat the sign-in process with your phone number. Instead, he contacts WhatsApp support to have your account deactivated. For this he needs only a new e-mail address and a simple mail stating that your phone has been stolen or lost. In response, WhatsApp only asks for confirmation, which the attacker can easily provide.
After this your WhatsApp account will be closed and you will not be able to use it again. You can't prevent this from happening, even with two-step authentication, because the attacker has locked the account through email. Normally, when an account is deactivated, you can reactivate it through phone number verification. In this situation, however, the attacker has already blocked the verification process for 12 hours. This means that you will not be able to receive any new registration code for the next 12 hours.
WhatsApp will behave on your phone in the same way as it does on the attacker's phone: your sign-in process will stop. After this you are left with only one option, which is to contact the messaging app via email to reactivate your account.
A WhatsApp spokesperson told Gadgets 360 that there is a way users can avoid this problem. For this, they will have to register their email in their account through two-step verification.
“Registering an email through two-step verification helps our team assist users with similar issues in the future. The circumstances reported by the researcher affect our Terms of Service. We encourage you to report any type of issues to our support team so we can investigate,” the spokesperson said.
However, WhatsApp did not provide any details about what it is doing to prevent the negative impact of this vulnerability on people. It is not yet clear whether any attacker has exploited this on a wide scale. News of the flaw has now reached the general public. In such a situation, there is a possibility that any person can stop any other user from using WhatsApp, even if only for a few hours.
WhatsApp has a huge user base: more than 2 billion users worldwide, and 400 million in India alone. At present, most users have not registered an email address in their WhatsApp account, so the number of people potentially exposed is very large.