Crazy flaw discovered
Anyone can lock your WhatsApp account, and you can’t do anything about it
Again and again there have been reports of stolen WhatsApp accounts. Two-factor authentication is supposed to protect against that. But of all things, this very process can be used to lock accounts completely, without the owners being able to do anything about it.
No contact with friends, colleagues, family, a class group or the digital regulars' table: suddenly being locked out of WhatsApp completely is likely to be a nightmare for many people. After all, the messenger is by far the most important app for the majority of Germans. But that is exactly what anyone can do to you. All they need to know is your phone number.
Security experts have just discovered this, according to “Forbes”. According to the report, any WhatsApp account can be cut off by combining two weaknesses that cause no damage on their own. Particularly dramatic: the attack requires no resource other than an arbitrary e-mail address. And it works even if two-factor authentication has been turned on to secure the account.
WhatsApp: this is how the lock attack works
The attack consists of two measures that are actually intended to help users. If you register WhatsApp on a new smartphone, you have to verify the device with a code sent by SMS. That is exactly what the attackers do. The SMS lands with the person who actually owns the account, but that person can’t do anything with it: the screen for entering the code appears only on the new device. The attacker is after something else anyway: if many SMS codes are requested, WhatsApp eventually puts a stop to it and allows no further requests for 12 hours.
For those affected, this is not yet a problem: they can use WhatsApp normally. Apart from the SMS spam from the security requests, they suffer no disadvantage, as long as they don't happen to want to move WhatsApp to another device at that very moment. But now comes stage two.
Suddenly locked
Here, too, the starting point is actually a security measure. So that a stolen WhatsApp account can be locked, the messenger offers the option of requesting the block by e-mail. If you have not registered an e-mail address, the attacker can simply enter one. And then have the account locked. A short time later, a message suddenly appears on the victim's smartphone: this telephone number is not registered with WhatsApp. To fix the problem, the user is told to verify by SMS, but only now learns that this option is temporarily locked. Until the lock period expires, the user is cut off from the messenger.
The trick is made even worse, however, by a bizarre bug in WhatsApp that the security experts discovered. If the attacker gets the code request blocked not once but a total of three times, the 12-hour waiting period no longer applies. Instead, the app then displays a timeout of -1 seconds. That, of course, never elapses: the account can no longer be unlocked without further ado.
That the trick works at all is down to WhatsApp's customer support: apparently, the support system processes e-mail requests to block an account automatically; a follow-up query by an employee or by phone does not seem to take place. The latter is quite understandable: how is WhatsApp supposed to assume that the number is legitimate when the support request is precisely about this phone number being compromised? But the fact that the combination of the different steps allows inexperienced users to be deprived of their accounts, without any action on their part and without any technical knowledge on the attacker's part, is quite a serious problem.
This is how WhatsApp is responding to the bug
Confronted with this by “Forbes”, WhatsApp's parent company, Facebook, responded in a remarkable way. It was an “unlikely scenario”, a spokesperson told the magazine. “The circumstances described by the security researchers would violate our terms of use,” said the company, adding that this would reduce the likelihood of an attack. WhatsApp's recommendation: to protect against the attack, users should register an e-mail address. This would close the gap that allows blocking by a third party. “We advise anyone who is in need of help to write an e-mail to our support team, so that they can look at the case.” Whether the gaps and bugs will be fixed in the near future, the spokesperson did not want to say, according to the report.
For now, users have little to fear for their accounts. After all, there is a clear warning sign: if you suddenly receive several requests to enter a security code in WhatsApp without having asked for one, this indicates an attempt to block the account. Then, however, you need to act quickly. After the first lock takes effect, the attacker must wait at least 12 hours to start the next wave. Another 12 hours later, though, the account may be locked. In the 24 hours after the first SMS wave, you should at least register your own e-mail address. And contact WhatsApp immediately.
Alternatively, you can of course take the attack as an occasion to look around for alternatives to the messenger. You can find the best ones in this text.
Source: Forbes, Statista