
Here's how a WhatsApp flaw allows anyone to temporarily suspend your account

WhatsApp (Bloomberg)

In this case, it could be an estranged partner, a troll or an attacker who simply wants to lock you out of your account for an extended period. Once suspended, there is no easy or immediate way to regain access to your account.

WhatsApp is the most widely used encrypted messenger service in the world, which means that it also receives a fairly large amount of attention from hackers and attackers trying to find loopholes and security flaws in the service. One such flaw, discovered last weekend, can get a user’s WhatsApp account completely suspended for hours on end without any easy solution for those affected by such an attack.


Discovered by security researchers Luis Márquez Carpintero and Ernesto Canales Pereña, the attack can be used by a malicious actor to lock you out of your account, according to Forbes. In this case, it could be an estranged partner, a troll or an attacker who simply wants to lock you out of your account for an extended period. Once you are locked out, there is no easy or immediate way to regain access to your account.

Here's what the error message looks like according to Forbes' report.  (Forbes)

The attack itself is quite straightforward. An attacker downloads the WhatsApp app on a device and enters your phone number and taps the Verify button. Now they don’t actually have your SIM card, so you’ll begin receiving the verification codes instead of them. But since they don’t actually want to gain access to your account, they don’t want the code. Instead, the attackers make multiple failed attempts, retrying the login process until you are unable to request more codes for half a day.


At this point, you still have access to the WhatsApp service on your current smartphone, so the attacker emails WhatsApp support and asks for your (the target’s) number to be deactivated as the device has been stolen. WhatsApp will reply to that email to confirm, and just like that, your WhatsApp account is suspended. According to WhatsApp, providing your email address with your six-digit two-factor authentication code could mitigate the issue, but that means sharing another piece of personal information with WhatsApp.
