WhatsApp has 2 billion users. They use the messenger every day to work and socialise. Each one of these users runs the risk of losing their account forever.
Forbes reports that a vulnerability exists which allows any attacker who knows your phone number to block your WhatsApp account.
How is this possible? In short, the attacker tries to access the account by requesting an authorisation code and entering incorrect sets of numbers until the instant messenger says that there are no attempts left and the next opportunity to request the code will appear only after 12 hours. At the same time, you receive a bunch of SMS with 2FA codes. Users are unlikely to pay attention to this, assuming that the messengers are due to an error or similar issue, as they haven’t requested these codes.
After that, the attacker registers an email and uses it to send a letter to the support service with a request to deactivate the number as it has been lost or hacked.
An hour or so later, suddenly WhatsApp stops working on your phone and you see an alarming notification: “Your number is no longer registered with WhatsApp on this phone,” it says. “This might be because you registered it on another phone. If you didn’t do this, verify your phone number to log back into your account.”
Your account is being hijacked and not even two-factor authentication will help.
This is a real problem with no solution yet. However, in its arsenal of tools Intis Telecom has anti-flooding protection against swamping attacks where multiple SMS are sent to one user in a short period of time. This doesn’t give full protection against this vulnerability, but it prevents SMS clicks, which help you to avoid becoming easy prey for attackers.
