A FLAW in WhatsApp’s authentication system could let a hacker lock you out of the app.
The hacker would need to go through a 36-hour process, but the result is a victim’s account being permanently deactivated.
Cybersecurity researchers Luis Márquez Carpintero and Ernesto Canales Pereña revealed the alarming problem to Forbes.
They explained how the attacker would first need to download WhatsApp and then try to log in using your phone number, requesting authentication codes.
After several attempts, WhatsApp blocks sending codes for 12 hours.
However, the hacker can use this time to send “a lost/stolen phone request” to WhatsApp support to try and get your account deactivated.
WhatsApp can lock you out of your account without verifying that the email address the request is sent from actually belongs to you.
The hacker will need to repeat this 12-hour cycle two more times.
After this 36-hour process, you and the person trying to take your account will both see a “Try again after -1 seconds.” message pop up on your devices.
You’ll then have to contact WhatsApp support to get your account back.
You should do this before the hacker does.
No data or money can be taken from you in this way, but a hacker could try to use the technique to become you on WhatsApp.
WhatsApp has said that “providing an email address with your two-step verification helps our customer service team assist people should they ever encounter this unlikely problem.”
You can do this by heading to your WhatsApp Settings and clicking ‘Account’ and then ‘Two-step verification’.
Then, you’ll need to enter a secure PIN and provide your email address.
WhatsApp – a quick history
Here’s what you need to know…
- WhatsApp was created in 2009 by computer programmers Brian Acton and Jan Koum – former employees of Yahoo
- It’s one of the most popular messaging services in the world
- Koum came up with the name WhatsApp because it sounded like “what’s up”
- After a number of tweaks the app was released with a messaging component in June 2009, with 250,000 active users
- It was originally free but switched to a paid service to avoid growing too fast. Then in 2016, it became free again for all users
- Facebook bought WhatsApp Inc in February 2014 for $19.3 billion (£14.64bn)
- The app is particularly popular because all messages are encrypted during transit, shutting out snoopers
- As of 2020, WhatsApp has over 2 billion users globally
This post first appeared on Thesun.co.uk