WhatsApp: they discover that a user’s phone number is enough to block their account

bnsqidpfvbcrtbfjgbhmqdnjpm.jpg
bnsqidpfvbcrtbfjgbhmqdnjpm.jpg

WhatsApp It may be the most used application in the world, but it is far from perfect. A group of Spanish researchers have discovered a major security flaw that allows hackers to block an account with just the phone number, even if the victim has two-step authentication enabled.

Luis Márquez Carpintero and Ernesto Canales Pereña, from the University of Alicante, warned Forbes of the security failure and explained that it is related to the procedure they use WhatsApp when checking new phone records.

Usually, when users register their phones, the system sends an SMS code to verify the account. The security breach occurs when the attacker, through the victim’s number, registers the account from another phone. The victim will receive the SMS code and will only have to ignore it so as not to lose the account. However, when the attacker insists on sending the SMS codes, WhatsApp will block any sending of new codes to the victim’s phone number.

Once this is done, the attacker will send an email with an account that has been created to [email protected], requesting that the telephone number be deactivated because it is a lost or stolen account. The developers of WhatsApp would confirm that, indeed, the phone number of the claim is blocked by numerous validation requests and will proceed with the blocking of the account.

The victim will receive a notification telling them that their number has been deactivated, despite the fact that it is a fraudulent operation. There will be no choice but to verify the phone number to log in again.

The problem is that the number will be blocked from receiving SMS for 12 hours. The attacker, therefore, could repeat the procedure up to three times, when WhatsApp decides to permanently block the reception of SMS on the victim’s phone number.

WHATSAPP | The answer

“Providing an email address with two-step verification helps our customer service team help people if they ever run into this unlikely issue. The circumstances identified by this investigator would violate our terms of service and we encourage anyone who needs help to email our support team so that we can investigate. “, they need from WhatsApp.

WhatsApp It has not confirmed if there will be changes to its security system in future updates.

Listen to Dale Play on Spotify Y Spreaker. Follow the program every Sunday on our available audio platforms.