#BugAlert: Here's how anyone can suspend your WhatsApp account

Written by Chandraveer Mathur
Apr 13, 2021, 02:13 pm 3 min read

If you have been receiving multiple two-factor authentication (2FA) requests for your WhatsApp account, it is likely that someone is attempting to shut your account down. The flaw was first discovered by security researchers Luis Márquez Carpintero and Ernesto Canales Pereña, Forbes reported. All the cybercriminals need is your phone number and a little over 12 hours to deactivate your WhatsApp account. Here's how.

How it works
Cybercriminal would just need to wrongly guess 2FA codes

First, using their own device, the perpetrator would attempt to log in to the victim's WhatsApp account. Thanks to two-factor authentication, WhatsApp would send the victim a six-digit code via call/SMS. Since the perpetrator doesn't have access to the victim's phone (which isn't their aim anyway), they would incorrectly guess the code multiple times until WhatsApp asks them to try again after 12 hours.

Repercussions
One false email to support and victims are locked out

Before the 12-hour timeout, the perpetrator would use a burner email ID to request support@whatsapp.com to deactivate the victim's account. WhatsApp might send an automated reply asking for the victim's phone number again, which the perpetrator would happily provide. And now, WhatsApp would automatically temporarily deactivate the victim's account without any input actually coming from the victim.

What next?
WhatsApp doesn't verify who sent the account deactivation request email

There are two big flaws in WhatsApp's security system. First, it doesn't verify whether the email requesting deactivation comes from the owner of the account. This means that anyone who knows your phone number can deactivate your WhatsApp account in around 12 hours. Let that sink in. Secondly, the messaging service doesn't follow up with questions to confirm your ownership of the phone number.
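
From the service's side, the sequence described above leaves a recognizable trail: a verification-code lockout on a number, followed within the 12-hour window by a deactivation email for the same number while the registered device is still active. The sketch below is an added example, not WhatsApp's code or anything from the original report; the event schema, phone numbers, addresses and decision strings are all constructed assumptions.

```python
from datetime import datetime, timedelta

LOCKOUT = timedelta(hours=12)  # retry timeout described in the article

# Constructed sample events (hypothetical schema): (time, type, phone, detail)
EVENTS = [
    ("2021-04-13T08:00", "code_lockout", "+10000000001", "unregistered-device"),
    ("2021-04-13T09:30", "device_seen", "+10000000001", "registered-device"),
    ("2021-04-13T10:15", "deactivation_email", "+10000000001", "burner@example.com"),
    ("2021-04-13T11:00", "deactivation_email", "+10000000002", "owner@example.com"),
]

def triage(events):
    """Return {phone: decision} for every deactivation email in the stream."""
    last_lockout, last_seen, decisions = {}, {}, {}
    for ts, kind, phone, _detail in sorted(events):  # ISO timestamps sort correctly
        when = datetime.fromisoformat(ts)
        if kind == "code_lockout":
            last_lockout[phone] = when
        elif kind == "device_seen":
            last_seen[phone] = when
        elif kind == "deactivation_email":
            # A lockout inside the window means someone was just guessing codes.
            locked = phone in last_lockout and when - last_lockout[phone] <= LOCKOUT
            # Recent activity means the owner still holds the registered device.
            active = phone in last_seen and when - last_seen[phone] <= LOCKOUT
            if locked and active:
                decisions[phone] = "hold: confirm on registered device"
            elif locked:
                decisions[phone] = "hold: manual ownership check"
            else:
                # An email alone never proves ownership of the number.
                decisions[phone] = "verify sender, then process"
    return decisions
```

No branch deactivates on the strength of the email alone, which is the first flaw the article names.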

Biggest caveat
After the third consecutive attack, victim cannot recover WhatsApp account

The biggest issue is that even if the victim successfully re-registers and recovers their WhatsApp account, just one email from the cybercriminal could get them back to square one. Additionally, after the third attack cycle, the victim's phone would count down "-1 seconds" instead of 12 hours. With the countdown broken, the victim is locked out of their account unless contacting WhatsApp helps.

Low-effort
Victims can't do much when cybercriminals exploit this vulnerability

What can you (the victim) do if you get a bunch of WhatsApp 2FA codes you didn't ask for, or if WhatsApp doesn't respond after you are locked out of your own account? Well, nothing. Worryingly, this unsophisticated attack doesn't require any coding skills or effort on the attacker's part. Additionally, Forbes reported that there's no way to opt out of being discovered on WhatsApp.

No fix yet
Cybercriminals could financially benefit from deactivating someone's WhatsApp account

WhatsApp hasn't yet acknowledged or addressed this vulnerability. It seemingly remains focused on generating revenue. Considering how Facebook's latest breach and a separate database on Telegram leaked millions of phone numbers online, WhatsApp's vulnerability can be exploited at scale. Forbes rightly observed that besides the inconvenience caused, there could be monetary benefits of taking a person or a business off WhatsApp.

All rights reserved © NewsBytes 2022