Beware of Unauthorised Deactivation of WhatsApp Account

Release Date: 19 Apr 2021 4643 Views
Beware of Unauthorised Deactivation of WhatsApp Account

Recently an overseas security researcher has demonstrated how to exploit a flaw in the SMS verification and account deactivation process of WhatsApp to deactivate a person’s WhatsApp account [1] without his or her knowledge. Even two-step verification could not prevent the move. As WhatsApp is a widely used instant messaging app in Hong Kong, the potential impact of the flaw could be quite substantial.

 

From the demonstration, the attacker would first try to set up a WhatsApp account using the victim’s phone number in his device. When WhatsApp asks for the entering of a verification code which is sent to the legitimate owner of the phone number via SMS, the attacker would repeatedly enter a wrong verification code into WhatsApp to trigger the app to disallow any further attempts. The attacker would then impersonate the victim to contact the customer service team of WhatsApp, claiming that the mobile phone has been stolen, and request for an account deactivation.

 

HKCERT recommends WhatsApp users to take the following actions to protect their accounts: 

  1. Enable two-step verification and fill in the email address [2];
  2. Do not forward or share the SMS verification code to anyone. If you did not request for it, report this abnormality to WhatsApp immediately; and
  3. Set up screen lock of the mobile phone to protect against theft or loss

 

Since WhatsApp uses mobile phone number to authenticate user, therefore, in case you lose your mobile phone, you should:

  1. Report the loss of the phone to your mobile phone operator immediately; 
  2. Sign into WhatsApp with your phone number after getting a new card, as it will log out all the active sessions of your account automatically [3]; and
  3. Use lost tracking feature (e.g.: Apple - Find My iPhone / Google - Find My Device) to lock your device or erase all data in order to protect from data leakage.

 

Reference:
[1]https://gadgets.ndtv.com/apps/news/whatsapp-suspend-account-using-phone-number-vulnerability-flaw-2412359
[2]https://faq.whatsapp.com/general/verification/about-two-step-verification?lang=en 
[3]https://faq.whatsapp.com/general/account-and-profile/stolen-accounts/?lang=en

Related Tags

WhatsApp

Share with

Previous

QSnatch Malware Prevention and Cleanup

26 Mar 2021 7232 Views

Next

Protect sensitive information in the use of social media and beware of potential cyber attacks arising from data leakages

27 Apr 2021 9088 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY