The alert was raised by cybersecurity researchers Luis Márquez Carpintero and Ernesto Canales Pereña, from our neighboring country, exposing a new danger lurking on WhatsApp. It is a terrible surprise for its more than two billion users.
Using only the telephone number of the future victim, a hacker can easily disable WhatsApp on the targeted phone and prevent the rightful owner from regaining access to the account. Not even two-factor authentication can prevent this attack vector.
Any WhatsApp account can be vulnerable to this attack
In statements to Forbes, the researchers note how relatively simple it is to lock someone out of their account and keep them from regaining access to what is theirs. The process, according to their investigations, can take just five minutes.
The issue stems from a security vulnerability discovered in the instant messaging and communications platform, one that can affect millions of people worldwide across WhatsApp's huge base of active users.
All attackers need to know is the contact's phone number. Given the magnitude of Facebook's last information leak, and with that data available in databases circulating in hacking circles, obtaining it will not be difficult.
The mechanics of this major WhatsApp exploit
The two-factor verification process is active by default on WhatsApp when creating an account. It is also one of the most durable security elements in the messaging application, since it depends heavily on the human element.
It is here that attackers can take advantage of human susceptibility to access victims' accounts. Note that the operation of this system is very simple. As soon as WhatsApp is installed on a smartphone, the phone number is requested. Then a verification code, received by SMS, is requested in order to verify the account.
Even so, anyone can enter another user's phone number when installing WhatsApp on a device. If the purpose is to block that user's account, it is enough to enter their phone number and request the verification code used to verify the account.
How to block a WhatsApp user account in 5 minutes
Since the number being attacked belongs to someone else, the messages with the verification code will be sent to that person's phone. In a short time the target user will start receiving several SMS messages with verification codes.
In addition to these messages, the legitimate user will receive several notifications warning that someone is trying to sign in on another mobile device. The natural thing is to dismiss this occurrence, ignoring repeated notifications, right?
However, when multiple authentication codes are requested in a short time, WhatsApp will block attempts to access the account for 12 hours. This is a WhatsApp mechanism intended to protect the user.
Unfortunately, if the goal is to block the user's account, that is exactly what happens. When a flood of requests for new codes is made to WhatsApp, the platform will close the account on the devices on which it is active, in this case, the victim's phone.
A pernicious but effective way to block a WhatsApp account
It is precisely here that the attacker can put into practice the last step of his strategy to block the victim's WhatsApp account. To do so, it is enough to send an email to WhatsApp support claiming that the phone was lost and may have been stolen. The message contains the victim's phone number and a request to deactivate the account.
Very soon, the attacker receives an email automatically generated by WhatsApp in which the platform confirms that the account was suspended as intended. Then the victim will see that his WhatsApp account has been deleted from the phone.
At that moment the attack is revealed, when the target is no longer able to use WhatsApp on his phone. When the victim tries to log back in and verify on WhatsApp, he will run into the 12-hour block caused by the earlier flood. If he requests a verification code via SMS again, the timer will increase the blocking time.
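An added illustration, not WhatsApp's code and not part of the original article: a minimal model of the throttle described above, showing why a lockout keyed only on the phone number also locks out the owner, next to a variant keyed on the number and the requesting device. The request limit, time window, device labels and phone number are assumptions constructed for the example; only the 12-hour block comes from the article.

```python
from collections import defaultdict

# Constructed values: the article states the 12-hour block, not the limit or window.
MAX_REQUESTS = 3
WINDOW = 10 * 60          # seconds
LOCKOUT = 12 * 3600       # seconds


class Throttle:
    """Throttles SMS verification-code requests (hypothetical model).

    key_by_requester=False keys all state on the target phone number alone,
    the behaviour the article describes. True keys it on (number, device).
    """

    def __init__(self, key_by_requester):
        self.key_by_requester = key_by_requester
        self.recent = defaultdict(list)   # key -> recent request timestamps
        self.locked_until = {}            # key -> time the block expires

    def request_code(self, number, device, now):
        key = (number, device) if self.key_by_requester else number
        if now < self.locked_until.get(key, 0):
            # A request made during the block extends it, as the article notes.
            self.locked_until[key] = now + LOCKOUT
            return "blocked"
        hits = [t for t in self.recent[key] if now - t < WINDOW] + [now]
        self.recent[key] = hits
        if len(hits) > MAX_REQUESTS:
            self.locked_until[key] = now + LOCKOUT
            return "blocked"
        return "sms_sent"


def owner_outcome(key_by_requester):
    """Replay a constructed timeline; return the result of the owner's request."""
    throttle = Throttle(key_by_requester)
    number = "+10000000000"               # constructed placeholder number
    for i in range(5):                    # burst of requests from an unknown device
        throttle.request_code(number, "device-unknown", now=i * 30)
    # One hour later the owner asks for a code from their own phone.
    return throttle.request_code(number, "device-owner", now=3600)
```

Keying on the requester only keeps the owner from inheriting someone else's block; it does not stop the SMS messages themselves, and a real service would also need a trustworthy device identity.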
The platform does not, at the moment, intend to change the protection and blocking mechanics of the user account. That has not gone unnoticed by miscreants, who can take advantage of this somewhat elaborate but effective mechanism.
Finally, one of the few precautions against this type of attack is to enable two-factor authentication on WhatsApp and also associate a recovery email.
*The article has been translated based on the content of https://4gnews.pt/whatsapp-falha-de-seguranca-permite-bloquear-qualquer-conta-em-5-minutos/ by 4gnews.pt