WhatsApp is the most widely encrypted messenger service used around the world. A ruthless new surprise for WhatsApp 2 billion users. Security researchers have identified a new WhatsApp security flaw that could allow a hacker to suspend your account using your phone number. A new vulnerability has been recognized where the hackers can get anyone’s WhatsApp account deactivated remotely. According to researchers Luis Marquez Carpintero and Ernesto Canales Perena, the hacker can only get your account suspended but cannot gain access to it. The scary part of this WhatsApp security flaw is that not even the security protection 2FA feature can work against this flaw!
Here’s The Flaw And How Its Works
The hacker first tries to install WhatsApp on their smartphone using your number. However, they are not able to register WhatsApp with your number and they’ll require a 6-digit verification code. The hacker continues to attempt to log in by entering random numbers, and after limited attempts, they will run out of log-in attempts and your account will be suspended for 12 hours.
Now, you might say, ‘okay that doesn’t sound harmful to me!. But wait the most interesting part is. The hacker starts pretending to be an actual user, and then a hacker will send an email to WhatsApp, and asking it to deactivate or suspend the WhatsApp account. WhatsApp without cross-checking and confirming from the user deactivate the WhatsApp account. If this process is repeated again and again, then WhatsApp can permanently suspend or lock the account.
What Did WhatsApp Say About This Flaw?
According to our knowledge, WhatsApp has not suggested any solution for this flaw. WhatsApp recommends users to provide an email for two-factor authentication to help support spokespeople when they face this issue, which they labeled an “unlikely problem.”
Providing an email address with your two-step verification helps our customer service team assist people should they ever encounter this unlikely problem. The circumstances identified by this researcher would violate our terms of service and we encourage anyone who needs help to email our support team so we can investigate.