According to a newly reported security flaw, anyone can now easily deactivate your WhatsApp account remotely, simply by having your phone number.
WhatsApp, which is currently used by around 2 billion users, has been hit by a new security flaw, as claimed by a Forbes report.
The report claims that with this flaw anyone can block you from using your WhatsApp account, and all it takes is your phone number.
Here is how this flaw works.
Let us call the victim's phone Phone A and the phone from which the hack is carried out remotely Phone B.
Now here is how the hack is done. Phone B first installs WhatsApp. The next step is registration.
WhatsApp requires a phone number to operate, which means you can't have a WhatsApp account without providing one. Hence, it asks the user to enter a phone number during registration.
Now, Phone B enters the victim's phone number during registration. As soon as it does, WhatsApp sends a 6-digit confirmation code to that phone number.
Obviously, Phone B never receives this code, and it does not need it to perform the hack. Phone B simply has to request the code again and again until WhatsApp blocks both Phone A and Phone B from generating a new verification code.
More precisely, WhatsApp blocks both phones from receiving a verification code for 12 hours.
The next step of the hack is performed during this 12-hour interval.
The attacker sends an email to firstname.lastname@example.org with the subject line "Lost/Stolen Phone"; the body can be a single line such as "My Phone has been stolen, Please deactivate my account ********22".
As soon as the attacker sends the email, WhatsApp replies with an automated email asking the sender to send/confirm the phone number again.
The attacker then sends the phone number, and the WhatsApp team deactivates the WhatsApp account associated with that number.
This attack was exposed by two security researchers, Luis Márquez Carpintero and Ernesto Canales Pereña. They have even said that the hack seems so easy that many might not believe it at first.
In the above hack, the attacker has no means of exposing the victim's content, but, as claimed, it definitely blocks the user from using his WhatsApp account, which is a bigger problem.
The above security test is claimed to have succeeded even when two-factor authentication (2FA) was turned on for the victim's WhatsApp account.