WhatsApp faces a new problem. A flaw in its two-factor authentication method makes it easy to suspend an account.
The WhatsApp application continues to be talked about. The service has seen tough times, and an exodus to Signal, but promises a lot of improvements for the months to come.
Perhaps one of them will be the correction of the verification system, which has a severe problem: the ability to suspend your account by knowing only your phone number.
A simple method
To do this, the attacker just has to install WhatsApp on a new device and provide your phone number when registering.
The process will not go further, at this point WhatsApp indeed sends a verification SMS to the contact number, that is to say to your SIM card. It is WhatsApp’s two-factor authentication system that kicks in.
Problem, if the person repeats the operation several times, the identification is blocked for 12 hours. She can then contact WhatsApp support by email and request the suspension of the account, citing a phone theft. Suspicion will be heightened by wrong connection attempts.
For security reasons, WhatsApp will therefore suspend the account, without closing it, and without ever asking for your opinion.
No account access
If this method allows malicious actions against WhatsApp accounts, we can still be reassured knowing that it is not a method of accessing the account. We’re not talking about hacking here, or accessing your WhatsApp account information.