The Great Escape Online Community

[Slashdot] - Your WhatsApp Account Can Be Suspended By Anyone Who Has Your Phone Number


Admin


An anonymous reader writes: If you're a frequent user of WhatsApp, you may want to keep an eye on a disturbing hole discovered in its security this weekend. It's possible for an attacker to completely suspend your WhatsApp account, without any recourse for the individual user, and all they need is your phone number. At the time of writing there's no solution for this issue.

This newly-discovered flaw uses two separate vectors. The attacker installs WhatsApp on a new device and enters your number to activate the chat service. They can't verify it, because of course, the two-factor authentication system is sending the login prompts to your phone instead. After multiple repeated and failed attempts, your login is locked for 12 hours.

Here's where the tricky part comes in: with your account locked, the attacker sends a support message to WhatsApp from their email address, claiming that their (your) phone has been lost or stolen, and that the account associated with your number needs to be deactivated. WhatsApp "verifies" this with a reply email, and suspends your account without any input on your end. The attacker can repeat the process several times in succession to create a semi-permanent lock on your account.

The results are disturbing, but at the very least, this method can't be used to actually gain access to an account, merely to block access by its legitimate owner. Confidential text messages and contacts are not exposed. The proof-of-concept attack was first reported by Forbes from security researchers Luis Marquez Carpintero and Ernesto Canales Perena. There's no indication that it's being used in the wild.


Read more of this story at Slashdot.
