Taking over a WhatsApp account is much simpler than you think, and two-factor authentication is not enough to prevent an attacker from doing so. Two security researchers, Luis Márquez Carpintero and Ernesto Canales Pereña, discovered this and demonstrated the procedure to Forbes.
Procedure is precisely the right word, because technically this is not a real bug: WhatsApp provides a precise procedure for verifying accounts which, however, allows anyone to “take” an account. All that is needed is the victim's phone number and a valid email address. Not only is two-factor authentication not enough to protect an account, but the lock option allows anyone else's WhatsApp profile to be captured in a very short time. WhatsApp is aware of the problem, but considers the scenario hypothesized by Carpintero and Pereña “not possible”.
Why WhatsApp accounts are at risk
This “error”, or rather trick, is based on the procedure for switching phones on WhatsApp. In practice, the attacker has to install WhatsApp on a new phone and enter our phone number during the profile activation phase.
As a matter of procedure, WhatsApp sends a verification code to the indicated number (i.e. ours), and the attacker must enter it on the new phone to allow the move from one device to another. But the attacker does not have access to our phone, so they will keep entering wrong codes until WhatsApp locks the account for 12 hours for security.
This is the first step, where WhatsApp's two-factor authentication comes into play, but it is not enough to protect users' profiles. As soon as the account is locked for security, the attacker sends an email to WhatsApp technical support saying that the old phone (which is actually ours) has been stolen or lost.
As Carpintero and Pereña discovered, WhatsApp carries out its own check of the email's authenticity and then opens the profile on the new phone. At this point the attacker has full control of our WhatsApp account.
WhatsApp profile theft: How to protect yourself
The problem with this WhatsApp bug is that there is no real way to defend oneself. After our profile is moved from one phone to another, we receive a message that the account has been disabled.
At that point we have to repeat the same maneuver the attacker performed: enter the wrong code multiple times, put the account into the 12-hour security lock and send an email to WhatsApp. It will work, but only until the attacker repeats the process.
According to the two researchers, WhatsApp will tolerate a maximum of three such cycles; after that, we lose the profile permanently.
What WhatsApp answers
This issue, which allows almost anyone to take any account, has been reported to WhatsApp.
WhatsApp's answer: “Providing an email address for two-step verification will enable our customer service team to assist them if they encounter this potential problem. Circumstances identified by these investigators violate our Terms of Service and we encourage anyone who needs help to send an email to our support team so we can investigate.”