Given the popularity and amount of personal data that can be accessed through WhatsApp, the chat platform is a prime target for hackers. There is a new security flaw Whatsapp As a result, almost anyone can delete your WhatsApp account without your knowledge. All the staff needs is your phone number and no “hacking skills”. By deleting your WhatsApp account, the attacker will of course not have access to your personal data. However, you may lose your What account forever and you may need to open a new account to continue using WhatsApp.
According to a report by ForbesSecurity researchers Luis Márquez Carpintero and Ernesto Canales found that it is relatively easy to block a WhatsApp user simply by entering incorrect 2FA (Two-Factor-Authentication) codes several times.
After entering several incorrect codes, WhatsApp automatically locks the account for 12 hours. The attackers then register a new email address with the WhatsApp account and send an email to the WhatsApp support team asking them to delete the account as a “number due to a lost or stolen account”.
According to the report, the WhatsApp support team is actually deleting the account without further verification.
While this may sound scary, in real life this attack is not that easy to carry out. This is simply because WhatsApp first requests an OTP verification via SMS before asking for the 2FA code. This means that the attacker must first have access to your phone in order to get the OTP or find other ways to steal the OTP from your device.
This means that the person needs to know you and who you are safe to hand over your phone to for this attack to actually work. Or, there is a chance that a remote attacker could use any remote desktop app to steal the OTP from your phone. However, the likelihood of a remote attacker taking advantage of this is lower because very few hackers would want to take the pain of a remote attack in order to delete your account.
WhatsApp had introduced 2FA to protect itself from attackers using WhatsApp on another device without informing the victim. While the system works well, no one would have thought that someone sitting next to you would simply want to delete your WhatsApp account instead of hacking it.