Anyone With Your Number Can Suspend Your WhatsApp: Here's How To Fix It
The vulnerability allows anyone who has your number to suspend your WhatsApp account, leaving you completely helpless. All the perpetrator needs is your phone number, that's it.
Security researchers have come across a strange loophole that allows anyone who has your number to suspend your WhatsApp account, leaving you completely helpless. All the perpetrator needs is your phone number, that's it.
Reported first by Forbes, it is a proof of concept from security researchers Marque Carpintero and Ernesto Canales Perena.
The WhatsApp suspension attack
The attack exploits flaws in two separate areas of WhatsApp. First, the attacker installs the texting app on a new device and enters the victim's number to activate the service on it.
This obviously can't go any further, because the app requires an OTP to sign in securely and the OTP is sent only to the user's phone by text message. The attacker then forces multiple incorrect OTP attempts, which results in the login attempt getting locked for 12 hours.
At this point, the attacker can send a support message to WhatsApp from their own email address, claiming that the device has been lost or stolen and that the account linked with the number needs to be deactivated.
WhatsApp then verifies this with a reply email and eventually suspends your account without any input from the actual user. By repeating this process multiple times, the attacker can easily create a semi-permanent lock on your account.
How do you protect your WhatsApp account?
While this attack doesn't really allow the perpetrator to gain access to your account, chats or contacts, having your WhatsApp suspended by someone else is still annoying and frustrating, especially if your work is completely reliant on the texting app.
As of now, there is no indication that this method is being used by attackers around the world, primarily because they can't really achieve anything from this.
WhatsApp's representative has suggested that users can provide an email address with their two-factor authentication credentials, which could help in safeguarding against such attacks. However, WhatsApp has put the responsibility on users' shoulders to be aware and follow its best practices, instead of accepting that there is a loophole in its system.