WhatsApp has a massive security problem, but you may be able to avoid it



WhatsApp has a big security issue right now, and it doesn’t seem to be doing much about it. The app has seen its fair share of problems lately, including a mass exodus from the platform after it announced its new privacy policy requiring accounts to be connected to Facebook. It turns out that privacy isn’t the only problem WhatsApp has to deal with, now that a huge security flaw has been discovered.

A pair of researchers have uncovered a flaw (via Forbes) that allows attackers to lock anyone out of their WhatsApp account with just their phone number. It works because the app asks for a phone number when it is installed. The attacker can input any number, which will then receive a confirmation text. If your number is at the receiving end of this, you’ll notice seemingly unprompted verification texts from WhatsApp that you can’t do anything about. After too many verification attempts, further attempts to log in will be blocked for 12 hours. That shouldn’t affect you since you’re already logged in, but the real problem comes next.


From there, the attacker can send an email to WhatsApp support asking to deactivate the number due to a lost or stolen phone. Since WhatsApp doesn’t know whether or not the phone number truly belongs to the attacker, the support team can comply and deactivate the account, which will force you off the app for the remainder of the 12 hours. The problem is that even if you try to get back on, the attacker can just repeat the process until, eventually, you’re completely locked out with no way to attempt to get back into the app.

One of the big problems with this flaw is that it apparently works even with two-factor authentication turned on and highlights one of the main problems with SMS-based 2FA. Forbes questioned WhatsApp about the vulnerability, but there has been no indication that the team would address it.

So what can you do to make sure this doesn’t happen to you? Although this attack, unfortunately, works even with 2FA, it’s still useful to have on, and we can walk you through how to enable two-factor authentication in WhatsApp on Android….
