
A WhatsApp security flaw can make anyone block your account


Anonim

Security bug in WhatsApp

A security flaw, which we hope WhatsApp will fix in the immediate future, could leave you without an account for around 12 hours or much longer.

The problem was revealed by two Spanish researchers, Luis Márquez Carpintero and Ernesto Canales Peña. The bug allows an attacker to temporarily block an account, but in no case does it give access to the chats, messages or contacts stored in the app.

Anyone who has your phone number can block your access to the WhatsApp app:

As you will see below, the mechanism behind this WhatsApp security flaw is very simple.

Someone installs the WhatsApp app on a phone and enters your number to activate the service. That person cannot verify the number, since the verification message arrives on your phone, so they enter several random verification codes. These fail and, after several attempts, the app stops allowing the attacker to enter new codes for 12 hours.

For the moment WhatsApp keeps working for you, but this is where the problem begins. The person who tried to activate your account on their phone sends an email to the WhatsApp support address from an address created for the occasion, for example a new Gmail account. In this message, it is enough to say that the phone has been stolen or lost and ask that the service be deactivated.

WhatsApp handles this request through an automated process, takes the attacker to be you, and suspends your account without further ado. What do you think?

If this happens to you, you will have to wait for that 12-hour period to end before you can activate the account again. Since you do not know when the 12-hour countdown began, you will have to keep trying at random until it ends. Once the service is recovered, you are again exposed to the attacker repeating the operation over and over.

Our recommendation to avoid this WhatsApp security flaw:

At the moment little can be done, but you can alert WhatsApp that someone is trying to access your account as soon as the first verification message reaches your phone. To do this, write an email to WhatsApp support explaining that someone is trying to impersonate you and, with this, give notice of a possible temporary suspension of your account.

You will have to do this for as long as WhatsApp does not fix the flaw and, it seems, they do not plan to do so at the moment.

Greetings.