Phishing attacks on WhatsApp are common, but the most recently discovered weakness appears to be the most serious. According to news reports, the latest WhatsApp security bug could allow cybercriminals to suspend any person’s account using only that person’s phone number. Apart from the phone number, the attackers seem to require no other details about the user. There was no fix for the problem at the time the research was published. The attacker, however, can only block the account, not gain access to it.
The dangerous bug was discovered by security researchers Luis Márquez Carpintero and Ernesto Canales Perea, and it was first reported by Forbes. Although this may seem unlikely, the researchers found that the attacker first opens WhatsApp on their own phone and attempts to log in with the victim’s phone number. When this is done, WhatsApp’s two-factor verification system immediately sends a code to the victim’s phone number. This prevents the attacker from gaining access to the account, but the attacker keeps trying. After many unsuccessful login attempts, WhatsApp disables login for 12 hours. For the next 12 hours, neither the victim nor the attacker can log in to the WhatsApp account.
The attacker then sends an email to WhatsApp, requesting that the victim’s phone number be deactivated or suspended. The email claims that the victim’s phone has been lost or stolen, but does not mention that the user has been signed out of the account. WhatsApp deactivates the victim’s account without waiting for any confirmation or cross-checking. If the procedure is repeated, WhatsApp will permanently lock the account.
“Providing an email address for your two-step authentication lets our customer service team assist users should they ever face this unexpected problem,” a WhatsApp representative told Forbes in response to the new security bugs. “We urge anyone who needs assistance to contact our support team so we can review the situations found by this researcher, and we encourage anyone who needs advice to email our support team so we can investigate.”
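The cross-check that the article says is skipped before deactivation can be sketched as a support-side triage rule that also uses the two-step email the representative mentions. This is an added example, not WhatsApp's code: the record fields, the `review` function and all sample values are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

LOCKOUT = timedelta(hours=12)  # login lockout window described in the article


@dataclass
class Account:  # hypothetical support-side record, not a real WhatsApp schema
    phone: str
    registered_email: Optional[str]      # email given for two-step verification
    lockout_started: Optional[datetime]  # when failed code attempts disabled login
    device_last_seen: datetime           # last activity from the registered device


@dataclass
class Request:  # a "lost or stolen phone" deactivation email
    phone: str
    sender_email: str
    received: datetime


def review(acct: Account, req: Request) -> Tuple[str, List[str]]:
    """Return ("deactivate" | "hold", reasons); any reason means confirm with the owner first."""
    if req.phone != acct.phone:
        return "hold", ["request does not match this account"]
    reasons = []
    start = acct.lockout_started
    if start is not None and start <= req.received < start + LOCKOUT:
        reasons.append("arrived during a failed-verification lockout")
    if start is not None and acct.device_last_seen >= start:
        reasons.append("registered device active after the lockout began")
    # A sender match only counts if the mail system authenticated the address.
    email = acct.registered_email
    if email is None or req.sender_email.strip().lower() != email.lower():
        reasons.append("sender is not the registered two-step email")
    return ("hold" if reasons else "deactivate"), reasons


# Constructed sample data: the sequence from the article, then an owner's own request.
T0 = datetime(2000, 1, 1, 9, 0)
victim = Account("+10000000001", "owner@example.com", T0, T0 + timedelta(minutes=30))
abuse = Request("+10000000001", "someone@example.net", T0 + timedelta(hours=1))
owner = Account("+10000000002", "me@example.org", None, T0 - timedelta(days=1))
genuine = Request("+10000000002", "Me@Example.org", T0)

if __name__ == "__main__":
    print(review(victim, abuse))    # held, with three reasons
    print(review(owner, genuine))   # deactivated, no reasons
```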