Security They discover a new virus that steals your WhatsApp pretending to be Netflix
WhatsApp The 5 great news about to reach your mobile
The
messaging application
contains a new security flaw
that allows cybercriminals to
block the account of any user just by knowing their
associated
phone number
, in a process that can be carried out in twelve hours.
This has been alerted
by cybersecurity researchers Luis Márquez Carpintero and Ernesto Canales Pereña
, who have explained that the vulnerability affects even users who have activated the
two-factor authentication system
that WhatsApp uses to incorporate an additional layer of security, as stated Forbes.
The security failure of the 'app' is due to
two independent processes in WhatsApp
that, used by a cybercriminal, allow him to block an account and prevent the owner from accessing it again.
The first part of the vulnerability is that
anyone can enter the phone number of a WhatsApp user
.
In that case, the victim receives the six-digit verification code by SMS or by call, and also a notification advising of the request for the code, and reminding that it should not be shared with anyone under any circumstances.
The security flaw lies in the fact that cybercriminals can carry out this process while the user continues to use their WhatsApp account in a normal way, just by knowing the victim's phone number.
By repeatedly entering an erroneous SMS password
-which the user will ignore because he has not requested it or has the possibility of entering it-, cybercriminals can select the option given by the application to
send a new code within twelve hours
, which blocks the introduction of security codes in the meantime.
As a second part of the vulnerability, cybercriminals can send an
email message to WhatsApp support
, warning of an alleged theft of the phone and
requesting that the account be deactivated
.
In this process, you only need to confirm the phone number associated with the account.
After this,
WhatsApp begins the process to deactivate the user's account
, and the victim receives a notification to notify them that their phone number is no longer associated with the account.
When you try to reset and the phone number is entered, WhatsApp does not send a new code by SMS and
warns that it is necessary to wait twelve hours
because too many requests have been made before.
However, after twelve hours, instead of enabling a new code, WhatsApp warns that
there are "-1 seconds" left
to generate a new SMS key.
This error message is displayed to both the victim and the attacker.
In this way,
the user's account is permanently blocked
, according to the researchers, and the victim
will only be able to reactivate it if they contact
support directly
to review the case manually.
According to the criteria of The Trust Project
Know more
WhatsApp
TechnologyThe revolutionary novelty of WhatsApp that will change the relationship between the app and its millions of users
AppsWhatsApp: The 5 great news about to reach your mobile
Tricks Is it possible to know the location of your WhatsApp contacts without them sending it to you?
See links of interest
Holidays 2021
Home THE WORLD TODAY
West Bromwich Albion - Southampton
TSG Hoffenheim - Bayer 04 Leverkusen
Benevento - Sassuolo
Celta de Vigo - Seville
Alcorcón - Castellón