WhatsApp Can Be Hacked Just by Your Phone Number? The Company Really Needs to Step Up Its Security Game Now

Online scams and hacking are nothing new to us: as technology advances, servers are hacked very often. Still, tech companies try their best to secure their applications and to assure their users that their data will not be damaged or leaked at any cost.

Similarly, WhatsApp, the well-known online messaging application, has made the same kind of promise to its users and offers two-factor authentication to protect their data. Despite this, we hear news of various WhatsApp accounts getting hacked through six-digit codes, and we know how time-consuming and painful restoring an account can be.

Recently, another method of hacking your WhatsApp came forward, and it uses just your phone number. You read that right: someone can hack into your account and lock you out of it without granting any access, just by using your phone number. That this can happen, and so easily, on an application used by 2 billion people around the world is mind-blowing.

Researchers Luis Márquez Carpintero and Ernesto Canales Pereña showed the world how your WhatsApp can be hacked just by using your phone number. This should not happen, considering that WhatsApp carries both private and business chats around the world and the company should be more careful with the data, yet even the company’s two-factor authentication cannot protect against this simple hack.

So what is this new hack and how does it work? This newly discovered security vulnerability involves two separate WhatsApp processes, each of which has a fundamental weakness of its own, and it is the combination of those two weaknesses that can deactivate your WhatsApp and log you out of it.

If you are a WhatsApp user, you know that when you set up your account the company sent a verification code to your phone so that you could verify yourself. If you did not know this, you know now, so let us move on to how this verification code plays a part in you getting hacked.

Anybody can install the WhatsApp application on their phone and put in your phone number. Once this is done, the verification code is sent to your phone: you will receive texts and calls from WhatsApp with the six-digit code, and you will also see a WhatsApp app notification telling you that a code has been requested and warning you not to share it. The hacker would be doing this while you are casually using your account. You will receive a lot of different codes, because the hacker will be requesting codes repeatedly and entering guessed numbers themselves, but since you have nowhere to enter the codes you receive, you will ignore them and move on with your day. After a few tries, WhatsApp will stop sending codes, because its verification process limits the number of codes. Once this happens, the hacker will receive a message saying “Resend SMS/Call me in 12 hours,” and no new codes can be sent or generated for the next 12 hours.

This means that the hacker has blocked any new codes from being entered into the verification screen. This will not be a problem for you unless you freak out over all the received codes and deactivate your WhatsApp. Please do not do that, because you will not be able to log in or receive codes for 12 hours either, since it was your number that was used and blocked from the code verification system.

In the second step, the hacker will create a fresh email address and send a mail to WhatsApp claiming that your phone number has been the subject of fraud or theft and that they want to disable this account. WhatsApp will ask for the number, the hacker will immediately mail it back, and the WhatsApp that was working on your phone will be disabled. You will then try to reactivate it, but WhatsApp will ask for the verification code that it has sent for you to get into the account. But guess what: you will not receive any notification, because the hacker put in too many guesses and your number has been restricted from receiving codes for 12 hours. In short, what the hacker did on his phone has affected you in the same way.

If the attack stops here, you will be able to request a new SMS and verify your account using a new six-digit code after that 12-hour timer has expired. But that is not usually how it ends, because there is another twist to this story.

The hacker can wait twelve hours and repeat the same process a second time, and you will still be logged out of your account. At times they can do this a third time as well: after the 12 hours of the first cycle and the 12 hours of the second cycle, they can request codes in a third cycle, after 24 hours. Talk about nothing better to do.

If the attacker does this, then on the third 12-hour cycle, WhatsApp appears to break down. “You have guessed too many times,” their app will say, “try again after -1 seconds.” There is now no way for the attacker to request or enter new codes and there is no countdown: instead of saying “12 hours” it says “-1 seconds.” It has stalled.
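The shared 12-hour lockout described above can be modelled in a few lines, contrasting a limiter keyed on the phone number alone with one keyed on the number plus the requesting install. This is an added example, not WhatsApp's or the researchers' code: the class, the threshold of three requests and the per-install key are assumptions, and the sample number is constructed.

```python
from dataclasses import dataclass, field

LOCKOUT_SECONDS = 12 * 60 * 60  # 12-hour window quoted in the article
MAX_REQUESTS = 3                # assumed; the article only says "a few tries"


@dataclass
class CodeLimiter:
    """Toy verification-code limiter; per_device selects the lockout key."""
    per_device: bool
    counts: dict = field(default_factory=dict)
    locked_until: dict = field(default_factory=dict)

    def request_code(self, number, device, now):
        # Flawed model: one counter per number, shared by every install.
        # Alternative (assumed): one counter per (number, requesting install).
        key = (number, device) if self.per_device else number
        if now < self.locked_until.get(key, 0):
            return False                      # still inside the lockout window
        self.counts[key] = self.counts.get(key, 0) + 1
        if self.counts[key] > MAX_REQUESTS:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            self.counts[key] = 0
            return False
        return True


def owner_outcome(per_device):
    """Replay the article's sequence.

    Returns (owner gets a code one minute later, owner gets a code after 12 h).
    """
    limiter = CodeLimiter(per_device)
    number = "+10000000000"                   # constructed sample number
    # A second install uses up the code requests allowed for the number.
    for second in range(MAX_REQUESTS + 1):
        limiter.request_code(number, "other-install", now=second)
    soon = limiter.request_code(number, "owner-install", now=60)
    after_window = MAX_REQUESTS + LOCKOUT_SECONDS + 1
    later = limiter.request_code(number, "owner-install", now=after_window)
    return soon, later


if __name__ == "__main__":
    print("keyed on number only:      ", owner_outcome(per_device=False))
    print("keyed on number and install:", owner_outcome(per_device=True))
```

A real service could not trust a client-supplied install identifier on its own; the point is only that lockout state shared between the owner and any other requester is what turns a rate limit into a lockout of the owner.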

This is how someone can hack your account so easily, just by knowing your phone number. WhatsApp is a huge company with so many people relying on it as a source of everyday communication, and yet it is cracking at the seams. As the world’s most popular messenger focuses on mandating new terms of service to enable Facebook’s latest money-making schemes, these much-needed advancements remain “in development.”



H/T: Forbes.


1 Comments

  1. What should be done if this thing happens? So sad. My father’s number still cannot be used. When I see his profile, that account is active. Last seen yesterday at 3.23pm. I’ve emailed WhatsApp support but unfortunately the same msg has been replied to me. It doesn’t help.
