Researchers have found a new security flaw in WhatsApp, the most popular instant messaging app globally. This security flaw will allows hackers to suspend anyone’s WhatsApp account using his/her number.
It is also reported by the researchers that this flaw is not new. It has been in the app for quite a long time because of the fundamental weakness.
With this, billion of user’s accounts are at a critical stake as the hackers can suspend, delete or even deactivate the user’s account. They also restrain the users who try to reactivate their own WhatsApp account.
Users having enabled the two-factor authentication on their accounts can also be exploited with this security flaw.
Security researcher Luis Márquez Carpintero and Ernesto Canales Pereña claims that there are two primary weaknesses in the app. The first one will enable hackers to get access to the user’s phone number. However, by getting the user’s phone numbers hackers will not be able to get the WhatsApp account because they don’t get the six-digit OTP code WhatsApp will send via SMS.
But, if the hackers will attempt to try the code and multiple attempts of entering the wrong code will restrict the hackers to enter the code on WhatsApp.
After that, the hackers will contact WhatsApp support through an email to deactivate the user’s phone number from the app. Hackers need only a new email address to send the email. In the email, they would only say that their phone was stolen or lost.
WhatsApp will then send a confirmation email to the hackers to which they can immediately acknowledge. With the acknowledgment, the instant messaging app will immediately deactivate the user’s account even if they have enabled the two-factor authentication.
In response, WhatsApp has stated that users can bypass this issue by just linking their email to their WhatsApp account.
“Providing an email address with your two-step verification helps our customer service team assist people should they ever encounter this unlikely problem. The circumstances identified by this researcher would violate our terms of service and we encourage anyone who needs help to email our support team so we can investigate”
There is yet no confirmation from the social media app, whether they are working to fix the issue or not.
Other Trending News:- News