The U.S. media broke the news on April 10 that WhatsApp has a super vulnerability that allows anyone with a user’s handheld phone number to permanently deactivate the other person’s account just by going through a simple process.
WhatsApp’s 2 billion users are facing an alarming security risk today, according to Forbes, a remote attacker can easily deactivate their accounts permanently using only your phone number.
Whatsapp has not yet confirmed plans to fix this vulnerability.
Reports say that as long as an attacker continues to enter someone else’s phone number in WhatsApp until it can no longer send it, Whatsapp will eventually become vulnerable, allowing users to never receive a verification code again.
If a user logs in to Whatsapp too many times, the company will temporarily block the account until a certain time before they can log in again. Forbes says the attacker repeats this step until the wait time is up to 12 hours, then repeats it three times, and WhatsApp becomes vulnerable.
Users will receive numerous verification texts or calls during this time, but there is nothing they can do about it. Even if double verification is set up, there is no way to avoid this attack.
The attacker can then use any email to send an email to WhatsApp claiming that the account has been stolen or lost, asking to deactivate the account, and receive an automated email response from WhatsApp. The attacker can then simply provide the phone number again as requested to have the account logged out of the phone and permanently deactivated. Whoever tries to log into the account afterwards will be stuck with a “Please try again in 1 second” screen and will never be able to log into the account again.
Recent Comments