Blatant Security Hole: New Security Warning For WhatsApp Users
It is easy for hackers to block your WhatsApp account and then “hijack” it. This is how the scam works. WhatsApp users have to be prepared for a new danger in the messenger service. As Forbes magazine discovered, there is a very simple trick for hackers to block your WhatsApp account and then abuse it.
Blatant Security Hole: Blocking WhatsApp Account? Here’s How The Scam Works
Hackers can remotely block a WhatsApp account, and you will only notice it when the messenger service suddenly stops working on your smartphone. Even the supposedly secure two-factor verification can be circumvented this way.
The attack requires a little patience but no special IT knowledge, which is what makes it so dangerous. It takes place step by step.
You Receive Strange Verification Codes
If you want to set up your WhatsApp account on a new smartphone, you will receive an SMS code and then have to enter your passcode via two-factor verification. In the attack described by the researchers, hackers do just that. They register your phone number on a new cell phone.
Where did they get your number from? Every person who uses WhatsApp automatically becomes part of the “discovery system” of the app. This means that other users can discover your number. All someone has to do is enter any phone number to determine if it’s registered with WhatsApp. This gives the hackers the first important information for their attack: your number.
So when the account is being installed on a new device, WhatsApp will send you confirmation codes. You wonder about them but can’t actually do anything with them. Typically, you will dismiss them as strange behavior and ignore them. Meanwhile, the hackers enter incorrect codes. As a result, your WhatsApp account will be temporarily blocked for twelve hours.
Hackers Send WhatsApp Emails With Your Number
In the next part of the attack, the hackers send WhatsApp a message from their own email address, report a stolen account, and ask WhatsApp to deactivate the account (your account).
WhatsApp may ask for your phone number again as confirmation, which the hackers can send. There is no further verification at this point. So WhatsApp thinks your number belongs to a stolen account, and your WhatsApp account will be blocked. Only then do you notice that your app is no longer working.
You Try To Verify Your Number – And It Doesn’t Work
WhatsApp will send you an automated message telling you that the number is no longer registered on this phone. As far as WhatsApp knows, you’ve sent an email asking it to block your WhatsApp account. You will then have the opportunity to verify your number if the blocking was not intended.
Of course, you try to confirm your number and have an SMS code sent to you. However, this does not arrive because the hackers have already used all verification attempts. Even if you try to confirm your number with the strange activation codes you received earlier, the app will tell you that no more attempts are left. So theoretically, you have to wait twelve hours to unlock your account again. That is the theory. In practice, however, something else can also happen.
Block WhatsApp Account: And There Is Nothing You Can Do
The hackers don’t have to send the blocking email to WhatsApp immediately. They can wait twelve hours and then start the same game again to register your mobile number on their device. You will again receive PIN codes with which you cannot do anything.
When the hackers do this three times, WhatsApp appears to break down, the researchers found in their self-experiment. You receive the message: “You have tried too often. Try again after a second.” Instead of a twelve-hour lock, there is now, for some inexplicable reason, only one second waiting time.
If the attackers send an email to WhatsApp now, you won’t have time to register or check anything before being kicked out of the app.
What Do Hackers Get Out Of Blocking Your WhatsApp Account?
Apart from the fact that it is, of course, extremely annoying if you suddenly lose an important communication channel, hackers can use this trick to “hijack” your number and then use it to blackmail you, for example.
It is very worrying that this attack only requires time and patience but no special IT knowledge. This vulnerability can make two billion WhatsApp users vulnerable to attack without notice.
When asked by the researchers, WhatsApp admitted that there was a loophole. But the company also said: Anyone who tries the trick is violating the terms and conditions. Whether that will prevent hackers from using it is not very certain. At the same time, WhatsApp has no plans to close the gap, although this would be very easy, as the research group told Forbes.
What Can You Do To Protect Yourself?
There is the option of specifying an email address with the two-factor verification. In that case, it would not be so easy for hackers to “hijack” your number with the wrong email address. At the same time, it is also clear: If you get suspicious security codes for WhatsApp, it could be an attack of this kind, aimed at blocking your WhatsApp account. In that case, contact WhatsApp customer service immediately.
Alternative number three? You could, of course, generally choose another messenger service that has higher security measures from the start, such as Signal. A service that, by the way, Facebook boss Mark Zuckerberg himself uses.