web analytics

Technology

WhatsApp ‘flaw’ lets anyone lock you out of the app — but it’s complicated

todayApril 13, 2021 2

Background
share close

A new loophole in WhatsApp‘s authentication system allows an attacker to lock you out of the app, or in other words, deactivate your account. This sounds scary if you use the app frequently, but it’s worth noting the process to pull this off is fairly complicated and takes about 36 hours to execute.

Earlier this week, security researchers Luis Márquez Carpintero and Ernesto Canales Pereña shared their discovery of this flaw through an article in Forbes. Here’s how it works:

  • After installing WhatsApp, the attacker tries to login through your number by requesting authentication codes.
  • WhatsApp blocks sending codes for 12 hours after a certain number of attempts.
  • Meanwhile, the attacker sets up a new email and sends “a lost/stolen phone request” to WhatsApp support to deactivate your account.
  • WhatsApp support doesn’t really verify that if the email address is associated with your account, so it locks you out of the app.
  • After this, the attacker has to repeat the 12-hour cycle twice.
  • At the end of these three cycles, you and the attacker both will see “Try again after -1 seconds.” message, while trying to login through your number.
  • Now, you’ll have to contact WhatsApp support to recover this account.

This whole rigmarole sounds cumbersome like way too much work for an attacker to go through, simply to lock you out of your account. No data or money is extracted this way.

But the worrying part is that there’s no mechanism in WhatsApp support that asks you to verify yourself as the owner of your account. Plus, this method is successful in locking you out even if you’ve set up two-factor authentication.

WhatsApp told Forbes that “providing an email address with your two-step verification helps our customer service team assist people should they ever encounter this unlikely problem.”

To do that, head to Account > Two-step verification, and after entering the secure PIN, you could provide an email ID to recover it. But you might have to still email WhatsApp support if you’re locked out. Bummer.



Source link

Written by: admin

Rate it

Previous post

Music News

How Talk Shows Used to Treat Metalheads + Punks

If you’re a Gen X’er or a Millennial, you remember those trashy daytime talk shows that waged war on all things subcultural. Anyone with a spiked jacket or dyed hair was paraded around like a circus freak on these shows, with some even forcing young outcasts into dressing like “normal” folks.On daytime TV, Jenny Jones was the most egregious example of a puritan’s attempts to snuff out any spark of individuality. […]

todayApril 13, 2021 4

Post comments (0)

Leave a reply


0%