WhatsApp is the world’s most popular and widely used instant messaging app. WhatsApp, owned by Facebook, has more than two billion users worldwide. It is one of the most secure modes of communication due to its high privacy through end-to-end encryption. But now you have to worry about something. So if you are using WhatsApp then you should definitely read this story.
A new vulnerability has been discovered which could allow a remote attacker to easily disable WhatsApp on your phone. And to do this, the attacker will simply use your phone number. And what’s more worrying is that two-factor authentication won’t be able to prevent this from happening.
Security researchers Luis Márquez Carpintero and Ernesto Canales Pereña demonstrated the vulnerability and were able to disable WhatsApp on a user’s phone. A certain amount of user error and your WhatsApp is disabled. And this attack cannot be prevented even through two-factor authentication.
How Vulnerability Works – The First Step
To understand this first, you should know that when we install WhatsApp on our smartphones, we receive an SMS code to verify the SIM card and number.
The hacker uses the same technique, install WhatsApp on his smartphone using your mobile number.
You will start to receive six-digit codes on SMS suggesting that someone has requested the code to install WhatsApp on their phone.
During this time, you are not alarmed because WhatsApp on your phone continues to work normally.
These codes come over and over as it is part of the hacking process.
However, WhatsApp’s verification process will limit the number of codes that can be sent and will limit the possibility of generating more codes during a 12 hour period.
During this time, your WhatsApp continues to function absolutely normally.
At this point, don’t turn off WhatsApp on your phone and try to reinstall it. You will not be able to generate any code.
This vulnerability is expected to impact WhatsApp for Android and WhatsApp for iPhone.
How Vulnerability Works – The Second Step
The hacker creates an email id and then sends an email to [email protected]
In the mail, the hacker states that the phone where WhatsApp was installed is stolen or lost and therefore WhatsApp is disabled on that number.
It gives another cell phone number indicating that this will be the new phone number through which WhatsApp will be installed.
WhatsApp can re-confirm your number via email, but there is no way for them to identify whether it is a hacker sending these emails or the real owner.
After a while, WhatsApp for your phone number will be disabled.
A notification will appear, “Your phone number is no longer registered with WhatsApp on this phone” when you open the app next.
He goes on to say that it may be because WhatsApp has been installed on another phone.