WhatsApp is a platform that is used by billions of users around the world everyday, and for many (such as this writer), the app has practically superseded traditional messaging services as my go-to text communication channel. And a big part of the chat service’s success is down to end-to-end encryption—which basically means that any data transmitted between users is encrypted, and only the sender and recipient (the end to end) can decrypt the contents of messages and other media files such as documents.
But.
There now appears to be a new loophole that allows attackers to use your phone number to lock you out of your own WhatsApp account. The main problem? All the attackers need is your phone number. As first reported by Forbes, researchers have now found that the bug (you could call it that, I suppose) was a “worrying hack” that could affect “millions of users”. The worrying part of all of this is how easy it is to actually set this in motion.
So, this new security flaw involves two main processes. Firstly, when you install WhatsApp on a new phone, you usually get an SMS verification code. Next, WhatsApp (tries to) verify you as the user who is setting up WhatsApp for the first time on a new device. If an attacker does this, they will not receive the verification code, preventing them from taking over the account. All good so far, right?
Well, no. As it turns out, attackers can repeatedly request for 2FA verification on your WhatsApp account—which won’t work, but it will eventually suspend your account for 12 hours. This means that through no fault of your own, you could lose access to WhatsApp for an extended period of time just because someone has made attempts to get into your account.
It gets worse. Next, attackers can then reportedly send an e-mail to WhatsApp themselves, reporting a lost/stolen smartphone and asking for the account to be locked for a longer period of time. The researchers also claim that WhatsApp then confirms this extended suspension in an email—without any sort of verification on the user (attacker) requesting this.
It must be noted that this loophole doesn’t actually give attackers access to your messages and private data, it only allows these parties to lock you out of your own account. But given the importance of the communication that happens over WhatsApp—and the sensitivity of certain private data shared—it’s certainly a worry. For now, be sure to enable 2FA to prevent attackers from actually taking over your account, and you’re best advised to include an email address for that very purpose.
And of course, never share verification codes with anyone.
Vivo has announced that it will be launching the Vivo X200 series in Malaysia on…
Samsung has just launched its latest budget-oriented smartphone, the Galaxy A16 5G here in Malaysia.…
This post is brought to you by Yes 5G. If you’ve been eyeing the latest…
Not too long after launching the RedMagic 9S Pro in Malaysia, the gaming brand under…
The Oppo Find X8 series will be launching globally on 21st November 2024 and Malaysia…
During the recent 2014 Kia EV Day APAC, the Korean carmaker unveiled four new electric…
This website uses cookies.