KEY POINTS

  • WhatsApp has a security flaw that attackers could exploit
  • This flaw leaves over two billion users vulnerable
  • WhatsApp has not given any update on how it would solve the issue

Cybersecurity researchers claim that any malicious actor with access to a WhatsApp phone number can use the app's security hole to suspend users' accounts or lock them out for a considerable time. While there is no easy way to regain access to a locked account, there is a way to prevent this from happening.

WhatsApp Flaw And Hackers' Modus Operandi

The WhatsApp vulnerability was discovered by security researchers Ernesto Canales Pereña and Luis Márquez Carpinteros. According to Forbes, the attack is straightforward. Using the app, the attacker keys in the user's phone number and taps the Verify button. The verification codes go to the real WhatsApp account owner, not to the attacker.

The hacker's intention is not to gain access to the account. Instead, they make several failed attempts and retry the login process so that the real account owner won't be able to request more codes for half a day.

The attacker then sends an email to WhatsApp support asking that the account associated with the phone number be deactivated. They could give the WhatsApp support team various reasons for deactivating the account, including a stolen mobile device. The support team, thinking that the request comes from the real account owner, would confirm the account deactivation and have that account suspended.

As of press time, WhatsApp has not given any information on whether it is resolving this security vulnerability.


How To Secure WhatsApp Account

Users should register an email address with their WhatsApp account through two-step verification, which uses a six-digit code, to avoid getting their accounts deactivated by malicious actors. "Providing an email address with your two-step verification helps our customer service team assist people should they ever encounter this unlikely problem," a WhatsApp spokesperson said, according to Gadget 360.

"The circumstances identified by this researcher would violate our terms of service and we encourage anyone who needs help to email our support team so we can investigate," the spokesperson added.

Although this step will not stop hackers from taking advantage of WhatsApp's vulnerability, it does somewhat discourage attackers from attempting the attack casually.