A WhatsApp security flaw makes it easy for anyone with your phone number to lock your account.
This security flaw, which we hope WhatsApp will correct in the foreseeable future, may cause you to lose access to your account for about 12 hours or much longer.
The problem has been revealed by two Spanish researchers, Luis Marquez Carpenter and Ernesto Canales Peña. The flaw allows an attacker to temporarily block the account, but in no case does it give access to the chats, messages or contacts that we have in the app.
Anyone with your phone number can block your access to the WhatsApp app:
As you will see below, the mechanism that triggers the security flaw in WhatsApp is very simple.
A person installs the WhatsApp app on a phone and enters your number to activate the service. Because they cannot verify your identity, since the verification message reaches us rather than them, they enter several random verification codes that fail and, after several attempts, the app does not allow the attacker to enter new codes for 12 hours.
For now, WhatsApp will still work for us, but this is where the problem begins. The person who tried to activate our account on their phone sends an email, from an address created for the occasion (for example a new Gmail account), to the WhatsApp support address. In that message, it is enough to say that the phone has been stolen or lost and ask that the service be deactivated.
Because WhatsApp handles this request through an automated process, it believes that the attacker is you and simply suspends your account. What do you think?
If this happens to us, we will have to wait for the 12-hour period to end before we can activate the account again. Since we do not know when that 12-hour countdown started, we will have to keep trying until it ends. Once the service is recovered, we remain exposed to the attacker repeating the operation over and over again.
Our recommendation to avoid this WhatsApp security flaw:
At the moment little can be done, but we can alert WhatsApp that someone is trying to access our account as soon as the first verification message reaches our phone. To do this, we write an email to WhatsApp support explaining that someone is trying to impersonate us, and in this way put a possible temporary suspension of our account on record in advance.
We will have to do this until WhatsApp remedies the problem and, it seems, at the moment they do not plan to do so.
All the best.