A security flaw in WhatsApp allows anyone to temporarily block your account on the service. All they need to know is your cell phone number.

The problem is not an internal flaw in WhatsApp’s code, but a bug in the way the service blocks accounts. The attacker will not read your messages, but will leave you without access to the popular messaging application without you knowing what happened.

The mechanism is simple. The attacker installs WhatsApp on a new mobile and enters your number to activate the service. They can't verify it, because the verification code is sent to your mobile number.

Having used your mobile number, the attacker enters several random verification codes, all of which fail. After several failed attempts, WhatsApp no longer allows the attacker to enter new six-digit codes to validate that account for 12 hours.

For the victim, everything continues to work for the time being. But if the attacker sends an email (from a disposable address, e.g. a new Gmail account) to the WhatsApp support address saying that your mobile has been stolen or lost, the WhatsApp account is suspended without further ado. The attacker can repeat the process several times, eventually making it almost impossible for you to use WhatsApp normally.

You do not know it, but you have to wait for the end of the 12-hour period that the attacker started by failing the verification code. After that you can reactivate the account, but you will have to keep trying without knowing when those 12 hours are over, and once you have recovered the service you remain exposed to the attacker repeating the operation again and again.

Although it does not give access to your messages or contacts, any attacker with your mobile number can cause you a lot of inconvenience, especially if you are an intensive WhatsApp user.
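The lockout logic described above can be modelled on the server side to show why the owner ends up blocked. This is an added example, not WhatsApp's code: the class, the threshold of five failures, the device labels and the per-device variant are all assumptions made for illustration.

```python
import hmac

LOCK_SECONDS = 12 * 3600  # the 12-hour block described in the article
MAX_FAILURES = 5          # assumed; the article only says "several attempts"


class VerificationLimiter:
    """Hypothetical model of a limiter for six-digit verification codes."""

    def __init__(self, per_device):
        # per_device=False: failures are counted against the phone number alone.
        # per_device=True: failures are counted per (number, device) pair.
        self.per_device = per_device
        self.failures = {}
        self.locked_until = {}

    def _key(self, number, device):
        return (number, device) if self.per_device else number

    def attempt(self, number, device, code, expected, now):
        """Return 'ok', 'wrong' or 'locked' for one code entry at time now (s)."""
        key = self._key(number, device)
        if now < self.locked_until.get(key, 0):
            return "locked"
        if hmac.compare_digest(code, expected):
            self.failures.pop(key, None)
            return "ok"
        self.failures[key] = self.failures.get(key, 0) + 1
        if self.failures[key] >= MAX_FAILURES:
            # Start the 12-hour window for whatever the failures were keyed on.
            self.locked_until[key] = now + LOCK_SECONDS
            self.failures[key] = 0
        return "wrong"


def owner_outcome(per_device):
    """Another device fails MAX_FAILURES times, then the owner enters the
    correct code one minute later. Number and code are constructed values."""
    limiter = VerificationLimiter(per_device)
    number, expected = "+10000000000", "123456"
    for second in range(MAX_FAILURES):
        limiter.attempt(number, "other-device", "000000", expected, now=second)
    return limiter.attempt(number, "owner-device", expected, expected, now=60)


if __name__ == "__main__":
    print("keyed on number only:   ", owner_outcome(per_device=False))
    print("keyed on number + device:", owner_outcome(per_device=True))
```

Keying on the device is not a complete design on its own: a six-digit code still needs a bound on total guesses per issued code, for example by invalidating the code after a number of failures.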

WhatsApp and Facebook managers do not seem to be considering a possible solution at the moment.

