A serious security vulnerability has been identified in WhatsApp that could be exploited by intruders to block your account. The only information an attacker need is your phone number.
First, the hacker installs WhatsApp on a new phone using your phone number to activate the service. Next, WhatsApp tries to verify that it is really you by sending a confirmation code. However, the attacker asks for the code again and again, which leads to the account being blocked for 12 hours.
In the next step, the attacker sends an email to WhatsApp, claiming that his phone (which is actually your phone) was stolen or lost, and asks to block the WhatsApp account associated with that number.
Join us on Telegram
Upon this request, WhatsApp sends an email confirming that the account has been suspended, without asking the attacker for any information that could prove that the request to suspend the account came from the legitimate owner of the said account.
A couple of security researchers named Luis Marquez Carpintero and Ernesto Canales Perena conducted an experiment that proved that this attack could block your access to your WhatsApp account. At the same time, your messages will remain confidential.
Jake Moore from ESET:
This is another alarming hack that could affect millions of users. A lot of people rely on WhatsApp as their primary communication tool. It’s scary how easily this can happen.
WhatsApp has not yet announced how it plans to close this security hole.
(Via)
