WhatsApp New Security Risk: Number is enough to lock users out of WhatsApp

WhatsApp users have to be prepared for an attacker simply switching off their access to the service. Not even two-factor authentication can prevent such an attack.

According to a report by Forbes magazine, what the two security researchers Luis Márquez Carpintero and Ernesto Canales Pereña discovered should not actually be possible in this form, especially not on a platform with around 2 billion users: all an attacker needs is a user's phone number to lock that user out of their account remotely.

The problem is by no means a security flaw in the app itself. Rather, the attacker skillfully exploits the various mechanisms in the background, that is, the way the Facebook subsidiary operates.

For example, the company does not have many people processing support requests; most cases are handled by an AI. This applies, for example, to e-mails in which users report that their account has been stolen.

The AI recognizes such messages and, to be on the safe side, asks again for the telephone number to which the account is connected. If this is correctly confirmed in a second e-mail, the user account is closed for the time being.

The user then cannot use the messenger for the time being, which can be a significant problem, since many users rely on WhatsApp as their most important communication channel for private and professional purposes.

Second stage necessary

In principle, the block can be removed relatively quickly by re-verifying the telephone number in question. This, however, is where the second stage of the attack comes into play: the attacker may have tried several times in advance to initiate the activation of a new device.

If this happens several times in quick succession, further attempts are suspended for a period of twelve hours or more. The regular user then cannot register again either.

The attack does not give the attacker access to any communication content, since he cannot gain access to the account himself. Nevertheless, it is well suited to deliberately locking users out for a certain period of time.

This can have different motivations: either the perpetrator simply wants to annoy the victim, or he wants to ensure that the victim cannot take part in an important discussion in a WhatsApp group at a particular moment.

What is more, other tricks can be used to significantly extend the lockout. It is now up to WhatsApp to quickly revise its automated service systems in the background in order to prevent such attacks.
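The second stage comes down to a throttle that is keyed on the phone number alone, so requests from any device count against the account owner. The following added example (not WhatsApp's code and not from the Forbes report) models only that stage and compares it with a hypothetical design that exempts the previously verified device; the threshold, the time window, the device identifiers and the sample number are assumptions.

```python
from dataclasses import dataclass, field

LOCKOUT_SECONDS = 12 * 3600  # "twelve hours or more", per the article
MAX_ATTEMPTS = 3             # assumed threshold, not given in the article
WINDOW_SECONDS = 600         # assumed meaning of "quick succession"


@dataclass
class CodeRequestThrottle:
    """Toy model of verification-code throttling (not WhatsApp's code)."""
    exempt_known_device: bool = False
    known_device: dict = field(default_factory=dict)  # number -> last verified device
    attempts: dict = field(default_factory=dict)      # number -> request timestamps
    locked_until: dict = field(default_factory=dict)  # number -> unlock time

    def request_code(self, number, device_id, now):
        """Return True if a verification code may be sent at time `now`."""
        # Hypothetical mitigation: the device that last verified this number
        # is not affected by other devices' attempts. A real system would need
        # the device to prove itself with a device-bound key, not a bare string.
        if self.exempt_known_device and self.known_device.get(number) == device_id:
            return True
        if now < self.locked_until.get(number, 0):
            return False  # number-wide suspension is still running
        recent = [t for t in self.attempts.get(number, []) if now - t < WINDOW_SECONDS]
        recent.append(now)
        self.attempts[number] = recent
        if len(recent) >= MAX_ATTEMPTS:
            self.locked_until[number] = now + LOCKOUT_SECONDS
        return True


def owner_can_reverify(exempt_known_device):
    """Replay the article's second stage; report whether the owner gets a code."""
    throttle = CodeRequestThrottle(exempt_known_device=exempt_known_device)
    number = "+10000000000"  # constructed sample number
    throttle.known_device[number] = "owner-phone"
    for i in range(MAX_ATTEMPTS):  # requests from a device that never held the account
        throttle.request_code(number, "unknown-device", now=i * 10)
    # One hour later the deactivated owner tries to verify the number again.
    return throttle.request_code(number, "owner-phone", now=3600)


if __name__ == "__main__":
    print("number-wide throttle:", owner_can_reverify(False))
    print("known device exempt: ", owner_can_reverify(True))
```

With the number-wide throttle the owner is refused until the suspension expires; with the exemption the unknown device is still suspended, but the owner can verify again.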
