How to keep an attacker from keeping you out of WhatsApp


The results are more annoying than dangerous, but a newly exploited quirk of WhatsApp’s two-factor authentication system makes it relatively easy for an attacker to lock you out of your account for varying amounts of time. And at the time of writing this article by boldtechinfo, the only thing a malicious person needs to know is the phone number associated with your WhatsApp account. That’s it.

The attack itself is very easy to carry out. As Android Police describes:

This newly discovered defect uses two separate vectors. An attacker installs WhatsApp on a new device and enters your number to activate the chat service. Of course, they can’t confirm that. The two-factor authentication system sends a login prompt to the phone instead. After many repeated failures, the login will be locked for 12 hours.

It’s important to note that with your account locked, the attacker then sends a support message from your email address to WhatsApp, claiming that your phone was lost or stolen and that the account associated with your number needs to be deactivated. WhatsApp “confirms” this in the reply email and suspends the account without any input on the part of the user. An attacker could repeat this process several times in a row to create a semi-permanent lock on the account.

The silver lining here is that the attack can’t really be used to break into your account. It only inconveniences you by making your account unavailable for a period of time (or, if the attacker is really enthusiastic, possibly forever).

 

A WhatsApp representative told Forbes that the easiest way to protect yourself from this type of attack is to make sure that your email address is associated with two-step verification, to prevent an attacker from impersonating you. You can do that now by opening WhatsApp, going to its Settings, tapping Two-step verification, and entering your email address (or making sure you have already entered it).

This doesn’t block the attack itself, but it should make it much easier for WhatsApp’s customer service team to help you if you get stuck in a “prevented account authentication” feedback loop. That happens when an attacker impersonates you and tells WhatsApp that your account has been hacked and needs to be deactivated. (You would then “receive” a code to undo the bogus deregistration, but you would not be able to enter it because of the earlier trick, which temporarily blocks code entry after incorrect 2FA attempts.)

 

This is not complicated and should be easy to fix. WhatsApp can use 2FA as a circuit breaker, so that an app on a device where 2FA is already registered can prevent this issue. More simply, when multi-device access finally arrives, WhatsApp can use the concept of trusted devices to let one verified app verify another. That is a much better system and would shut down this vulnerability.

WhatsApp is investigating this issue and hopes to patch the 2FA verification process (or the account deactivation process) to shut down these types of drive-by-style attacks. In the meantime, consider using a completely different number for WhatsApp, if possible, to minimize the risk of being locked out.
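To make the "circuit breaker" and trusted-device idea concrete, here is an added example (not from the original article and not WhatsApp's code) that models a lock keyed only by phone number next to a hardened variant. The class names, the failure threshold, the email addresses and the rule that deactivation mail must come from the registered address are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

LOCKOUT_SECONDS = 12 * 60 * 60  # the 12-hour lock the article describes
MAX_FAILURES = 3                # constructed threshold; the article only says "many"

@dataclass
class Account:
    registered_email: Optional[str] = None             # email set under Two-step verification
    trusted_devices: set = field(default_factory=set)  # devices that already passed 2FA
    failures: int = 0
    locked_until: float = 0.0
    deactivated: bool = False

class Registrar:
    """Toy verification service keyed by phone number (hypothetical model)."""
    def __init__(self, hardened: bool):
        self.hardened = hardened

    def record_failed_code(self, acct: Account, now: float) -> None:
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.failures = 0

    def may_verify(self, acct: Account, device_id: str, now: float) -> bool:
        # Circuit breaker: a device that already holds 2FA is exempt from the lock.
        if self.hardened and device_id in acct.trusted_devices:
            return True
        return now >= acct.locked_until

    def handle_deactivation_email(self, acct: Account, sender: str) -> bool:
        # Hardened: only act on mail from the address the owner registered.
        if self.hardened and sender != acct.registered_email:
            return False
        acct.deactivated = True
        return True

def simulate(hardened: bool) -> dict:
    svc = Registrar(hardened)
    acct = Account(registered_email="owner@example.test", trusted_devices={"owner-phone"})
    for _ in range(MAX_FAILURES):              # failed codes from an unknown device
        svc.record_failed_code(acct, now=0.0)
    svc.handle_deactivation_email(acct, sender="someone-else@example.test")
    return {"owner_can_verify": svc.may_verify(acct, "owner-phone", now=60.0),
            "deactivated": acct.deactivated}
```

In the unhardened run the owner's own device is caught by the number-wide lock and the account is deactivated on an unauthenticated email; in the hardened run neither happens.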

Akad is boldtechinfo's senior Editor
