Well, here is some news about another app having a security problem. According to Android Authority, a new WhatsApp flaw can let attackers suspend your account. Ironically, these attackers can use your own phone number to suspend your account. This news comes from Researchers who found the flaw.
If you receive a two-factor authentication that you were not expecting be cautious. If this happens it could be someone malicious trying to shut down your account. Forbes (via Android Police) reports that security researchers Luiz Márquez and Ernesto Canales Pereña discovered the flaw which lets attackers suspend your account. It is scary because they only need your phone number.
The attacker will request and incorrectly guess multiple two-factor SMS codes. Once this happens WhatsApp will lock out sign-ins on the device for 12 hours. Once this happens the attackers will register a new email address, and email the support team asking to deactivate the old number. They ask this and say that the old number needs to be deactivated due to a lost or stolen account.
In this instance, WhatsApp automatically disables the number without verifying the authenticity of the request. This being the case you could find yourself getting locked out and be none the wiser.
New WhatsApp flaw lets attackers use your own phone number against you
It is not a lost cause if you do get locked out. You can get your account back after a 12-hour window expires. However, if the attacker wants to be petty they can do the process two more times.
On the third time if they email WhatsApp your account will be locked, and you will be forced to contact WhatsApp yourself.
The good news is that you most likely will not see this attack happening often. But despite this, WhatsApp still has not discussed a potential solution to Forbes. However, the company recommends that users provide an email address with two-factor authentication.
This will help customer support if the user runs into this “unlikely problem.” If anyone attempts to do this attack it will be a violation of the terms of service according to a WhatsApp spokesperson.
The good thing is that users will most likely not see this attack. Most attackers want to steal accounts instead of disabling them. Also, users will know something is going on when they receive two-factor authentications they did not request. If this does happen immediately reach out to WhatsApp support.
WhatsApp offers the ability to easily find an owner’s phone number by searching for it. However, if somebody wants to randomly cause issues they could easily get the number of their target.
This does bring up the question about WhatsApp account security. Clubhouse is in a similar situation. In that instance, their policy allows for easy access to a lot of the information.
Hopefully, the company will find a solution for this flaw soon. Only time will tell if WhatsApp will change things in the future to prevent possible attacks like this.