A security flaw allows a hacker to block the user's WhatsApp account
A rather serious vulnerability affecting WhatsApp and its use was recently discovered.
Thanks to a major security flaw, it is possible for a hacker to permanently block a user's account remotely. Having been made aware of the situation, WhatsApp for its part did not hesitate to warn its users. In addition, a set of sanctions would be in the works to punish anyone who tries to take advantage of it. To reassure users, however, the social network claims that this kind of computer attack is quite rare.
The technique of using a user's phone number to block their WhatsApp account was discovered by two computer security researchers, Luis Marquez Carpintero and Ernesto Canales Perea. The article appeared in the American media outlet Forbes.
Even when multi-factor authentication is enabled, it is possible for the hacker to use the vulnerability to hijack the security measures. "This hacking could have an impact on millions of users, who could potentially be targeted by this attack. With so many people relying on WhatsApp as the primary communication tool for social and business purposes, it's alarming how easily this can happen," says Jake Moore, a computer security researcher at ESET, a computer security company.
So how is this vulnerability used in practice? The two computer security researchers, Luis Marquez Carpintero and Ernesto Canales Perea, explain in Forbes: "The attack takes place in several stages. First, the attacker will use your phone number to try to set up WhatsApp on another smartphone. This number may have been recovered from a leaked database. To verify your identity, the email app will transmit login codes to your phone number. You will then receive login codes that you did not claim. If this is your case, you are advised to be wary. You are probably the target of a computer attack. Anyone can install WhatsApp on a phone and enter your number on the verification screen."
Subsequently, the hacker will continue to request login codes from WhatsApp. As incorrect codes keep being entered, WhatsApp will eventually block login code requests for more security. This block generally lasts about 12 hours, long enough for the hacker to develop his tactics.
Subsequently: "The hacker has a period of twelve hours to carry out the rest of his plan. In a second time, the hacker will create a fake email address in your name. It is exceedingly simple to create an email address with the name of others, especially on Gmail. With this fake address, he will get in touch with WhatsApp's customer support, support@whatsapp.com. In the email, he will explain that his smartphone has been lost or stolen and will request the suspension of your account. Customer service will interpret the multiple erroneous codes entered earlier as evidence of its assertions."
Unfortunately for the victim, WhatsApp then suspends the account without any prior check. "Your phone number is no longer registered with WhatsApp on this phone. This may be because you recorded it on another phone. If you haven't, check your phone number to reconnect to your account," the unfortunate victim will read.
The problem is that the victim will not be able to log in because the login code request is blocked. Worst of all, the hacker can continue to block the account indefinitely. The victim is locked out and has no means to protect himself.
Forbes magazine then contacted WhatsApp for an explanation, questioning the legality of the social network's terms of use. "Providing an email address with a two-step audit helps our customer service team help people if they ever encounter this unlikely problem. The circumstances identified by this researcher would violate our terms of use and we encourage anyone who needs help to send an email to our support team so that we can investigate," WhatsApp points out, trying to reassure users that this scenario is particularly rare. But the messaging service did not at any point indicate that steps would be taken to close this security gap. "A move towards greater privacy protection would help protect users from this," says Moore.