
WhatsApp flaw can block any user's account in 5 minutes


All WhatsApp accounts are at risk because of a simple security flaw. Here is how you can avoid it.

Cybersecurity researchers Luis Márquez Carpintero and Ernesto Canales Pereña have discovered a method for blocking access to any WhatsApp account through a process that takes little more than five minutes. It stems from a vulnerability discovered on the platform that could affect millions of people around the world.

As the researchers explain in Forbes, attackers would only need to know their victims' phone numbers to carry out the attack. And given that Facebook itself has made public the phone numbers of over half a million people, it shouldn't be too difficult for these attackers to find their target numbers.


The WhatsApp application icon.

What is the vulnerability?

The two-factor verification process that WhatsApp activates by default when an account is created in the service is one of the application's weakest elements, because the human factor comes into play and attackers can take advantage of it to access their victims' accounts.

The system works simply: when you download the WhatsApp application on a phone, you are asked to enter the phone number and then a code received by SMS to verify the account. If the code is correct, the application will ask for the two-factor verification code to identify the user.

However, anyone can enter someone else's phone number when installing WhatsApp on a device. An attacker who wants to block a victim's account enters that victim's number and requests the verification code used to verify the account.

But since the account is open on the victim's phone, the victim will start to receive verification codes and notifications that someone is trying to connect on another device. The most logical thing would be to ignore those notifications, right?

The problem is that once a certain number of codes have been requested in a short period of time, WhatsApp blocks attempts to access the account for 12 hours, preventing further connection attempts. In principle this shouldn't be a problem for the victim, unless they decide to log out of their account, for example to change phones.

But that's when the attacker takes the last step toward blocking the victim's account. All it takes is sending an email to the WhatsApp support account asking for the account to be closed, alleging that it could have been stolen. This message contains the victim's phone number.

The email in which WhatsApp states that it has suspended a user's account.

Soon after, the attacker receives an email generated automatically by WhatsApp, indicating that the WhatsApp account has been suspended successfully. And soon after that, the victim sees that their WhatsApp account has been removed from their phone and that they can no longer use the messaging app.

When trying to reconnect, the victim finds a restriction that prevents them from receiving new verification codes for 12 hours, caused by the barrage of connection attempts the attacker made a few minutes earlier. And if they try to enter one of the codes previously received by SMS, the timer keeps increasing.

Here there appears to be a bug in WhatsApp. When you try to log into the account after attempts have already been blocked for 12 hours, WhatsApp may display the text "You have tried to log in too many times. Please try again in -1 second". At that point disaster is almost inevitable, and waiting for the application to allow a new code to be tried is pointless. All that remains is to contact WhatsApp technical support in search of a solution.
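The lockout behaviour described above can be modeled as follows. This is an added example, not WhatsApp's code or anything from the researchers: it contrasts a request counter keyed only on the phone number with one keyed on the requesting device, and clamps the countdown so it never reads "-1 second". The threshold, the time window and the device identifiers are assumptions; only the 12-hour block comes from the article.

```python
from dataclasses import dataclass, field

LOCKOUT_SECONDS = 12 * 60 * 60   # 12-hour block, as reported in the article
MAX_REQUESTS = 3                 # assumed threshold; the article gives no number
WINDOW_SECONDS = 10 * 60         # assumed "short period of time"


@dataclass
class CodeRequestLimiter:
    """Throttles SMS-code requests; the counter key decides who gets locked out."""
    per_device: bool
    recent: dict = field(default_factory=dict)        # key -> request timestamps
    locked_until: dict = field(default_factory=dict)  # key -> unlock timestamp

    def _key(self, phone, device_id):
        # Weak: one shared counter per phone number, whoever sends the requests.
        # Hardened: each requesting device gets its own counter for that number.
        return (phone, device_id) if self.per_device else (phone,)

    def seconds_remaining(self, phone, device_id, now):
        # Clamp at zero so an expired lock never reads as "-1 second".
        return max(0, self.locked_until.get(self._key(phone, device_id), 0) - now)

    def request_code(self, phone, device_id, now):
        key = self._key(phone, device_id)
        if self.seconds_remaining(phone, device_id, now) > 0:
            return False
        hits = [t for t in self.recent.get(key, []) if now - t < WINDOW_SECONDS]
        hits.append(now)
        self.recent[key] = hits
        if len(hits) > MAX_REQUESTS:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            return False
        return True


def owner_can_request_after_flood(per_device):
    """Constructed scenario: another device floods requests, then the owner tries."""
    limiter = CodeRequestLimiter(per_device=per_device)
    phone = "+15555550100"  # constructed sample number
    for second in range(MAX_REQUESTS + 1):
        limiter.request_code(phone, "other-device", now=second)
    return limiter.request_code(phone, "owner-device", now=60)


if __name__ == "__main__":
    print("number-keyed limiter, owner allowed:", owner_can_request_after_flood(False))
    print("device-keyed limiter, owner allowed:", owner_can_request_after_flood(True))
```

A device-keyed counter only keeps the owner from inheriting someone else's lockout; a real service would still need a separate cap on how many SMS messages are sent to one number.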

Unfortunately, WhatsApp does not seem to intend to provide an effective solution to this problem. They allege that "the circumstances identified by investigators would violate the terms of service", but I doubt this will be a problem for would-be attackers, since they don't even need a phone number or SIM card associated with the phone used to carry out the attack: a Wi-Fi connection and a phone with WhatsApp downloaded are enough.

One way to try to protect yourself from this type of attack is to activate the two-step verification system in WhatsApp and associate an email address. It might make things easier when trying to get your account back. If not, you can also do as Mark Zuckerberg did and switch to a safer alternative like Signal.
