New technique used to hack WhatsApp – THIS is how to save your messaging app
WhatsApp is the most popular and most used instant messaging app in the world. Facebook-owned WhatsApp has more than two billion users globally. It is one of the safest modes of communication because of its high privacy due to end-to-end encryption. But now there is something for you to worry about. So if you are using WhatsApp, then you should definitely read this story.
A new vulnerability has been discovered which could allow a remote attacker to easily deactivate WhatsApp on your phone. And to do that the attacker will just use your phone number. And the most concerning part is that the two-factor authentication will not be able to prevent this from happening.
Security researchers, Luis Márquez Carpintero and Ernesto Canales Pereña have demonstrated the vulnerability and were able to deactivate WhatsApp on a user’s phone. Some amount of error by the user and your WhatsApp is deactivated. And this attack cannot be prevented even through two-factor authentication.
How the vulnerability works – The first step
To understand this first, we should know that when we install WhatsApp on our smartphones, we receive an SMS code to verify the SIM card and the number.
The hacker uses the same technique, install WhatsApp on their smartphone using your mobile number.
You will start to receive six-digit codes on SMS suggesting someone requested the code for installing WhatsApp on their phone.
Meanwhile, you are not alarmed because WhatsApp on your phone continues to work normally.
These codes repeatedly come since that is part of the process of the hack.
However, WhatsApp’s verification process will limit the number of codes that can be sent and will restrict the ability to generate more codes for a period of 12 hours.
During this time, your WhatsApp continues to work absolutely normally.
At this point do not deactivate WhatsApp on your phone and attempt to reinstall it. You will not be able to generate a code.
This vulnerability is expected to impact WhatsApp for Android and WhatsApp for iPhone.
How the vulnerability works – The second step
The hacker creates an email ID and then sends an email to firstname.lastname@example.org.
In the mail, the hacker states that the phone on which the WhatsApp was installed is stolen or lost and so the WhatsApp be deactivated on that number.
It gives another mobile number stating this will be the new phone number through which WhatsApp will be installed.
WhatsApp may confirm your number again by email, but there is no way for them to identify if it’s a hacker sending these emails, or the genuine owner.
After a while, the WhatsApp for your phone number will be deactivated.
A notification will prop up, “Your phone number is no longer registered with WhatsApp on this phone” when you open the app next.
It goes on to say that this might be because WhatsApp has been installed on another phone.