In a recent report, we discovered a WhatsApp vulnerability that lets scammers and hackers temporarily or permanently block your mobile number and lock you out of your WhatsApp account. The attacker needs neither physical access to your phone nor any contact with you, and the attack works even if you’ve enabled Two-Step Verification.
Meta’s WhatsApp claims to be one of the most secure applications, boasting two key features: end-to-end encryption and Two-Step Verification. End-to-end encryption ensures that only the intended recipient can read your messages, while Two-Step Verification safeguards your WhatsApp mobile number from misuse in case you lose access to it.
Security Features of Meta’s WhatsApp
Meta’s WhatsApp prides itself on being a highly secure messaging application, offering robust security features designed to protect user data and privacy. These security features play a crucial role in ensuring the integrity of your communication and account. Let’s delve deeper into these two key security elements:
1. End-to-End Encryption
End-to-end encryption is a fundamental security feature that WhatsApp employs to safeguard the confidentiality of your messages. Here’s how it works:
- When you send a message through WhatsApp, it gets encrypted on your device.
- The encrypted message remains in this unreadable form as it travels through WhatsApp’s servers.
- Only the recipient’s device possesses the decryption key necessary to decode and display the message.
- This means that, during transit and while stored on WhatsApp’s servers, your messages are virtually impossible for anyone other than the intended recipient to read.
In essence, end-to-end encryption ensures that your private conversations remain private, and even WhatsApp itself cannot access the content of your messages.
2. Two-Step Verification
Two-Step Verification is another critical layer of security provided by WhatsApp to protect your account. This feature becomes particularly valuable if you ever lose access to your WhatsApp mobile number. Here’s how it functions:
- Two-Step Verification requires you to set up a six-digit PIN that you must enter whenever you’re verifying your WhatsApp number on a new device or after a significant account change.
- This PIN adds an additional barrier of security to your account, making it challenging for anyone to gain unauthorized access.
- In case someone attempts to take control of your WhatsApp account, they would need both your mobile number and the unique PIN you’ve set up.
Two-Step Verification serves as a powerful deterrent against misuse of your WhatsApp account, even if someone gains access to your mobile number. It provides an extra layer of protection and control over your account’s security.
WhatsApp’s commitment to end-to-end encryption and its implementation of Two-Step Verification underscore its dedication to providing users with a secure and private messaging experience. These features combine to offer a high level of security, ensuring that your personal information and conversations remain confidential and protected.
How can fraudsters or attackers block your WhatsApp without accessing your device or contacting you?
The attacker only requires your mobile number, which they can obtain from any WhatsApp group you’ve joined or from other sources, including data breaches on social media platforms, government database breaches, or elsewhere.
Once the attacker has your mobile number, they install WhatsApp on their device and use your mobile number to request multiple OTPs. Here, the attacker takes advantage of WhatsApp’s OTP limit policy. Treating the repeated requests as suspicious, WhatsApp may temporarily restrict the number, which prevents you from requesting a WhatsApp verification OTP yourself. These restrictions can last anywhere from a few hours to 12 hours.
During this time, the attacker sends an email from their account, claiming that your WhatsApp has been compromised and requesting WhatsApp to deactivate your account.
Once your account is deactivated, you can regain access in 7 days, and the attacker can repeat the same process.
Why can’t Two-Step Verification protect you?
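WhatsApp’s Two-Step Verification comes into play only after you have successfully entered a valid OTP and verified your WhatsApp number. Before that, you must verify your mobile number by entering a six-digit OTP sent by WhatsApp. Because the restriction described above is applied at the OTP step, the PIN check is never reached and cannot prevent the lockout.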
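The ordering described above can be modelled in a few lines. This is an added example, not WhatsApp's code: `OtpLimiter`, `register`, the limit of 3 requests and the device labels are all assumptions made for illustration. It shows why a request limit keyed only on the phone number stops the owner before the PIN step, and how keying on number plus requesting device changes the outcome.

```python
from collections import defaultdict

MAX_REQUESTS = 3               # assumed limit; the page gives no number
LOCKOUT_SECONDS = 12 * 3600    # the page reports restrictions of up to 12 hours

class OtpLimiter:
    """Hypothetical OTP request limiter; key_fn decides what gets locked out."""
    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.count = defaultdict(int)
        self.locked_until = {}

    def request_otp(self, number, device, now):
        key = self.key_fn(number, device)
        if self.locked_until.get(key, 0) > now:
            return "locked"
        self.count[key] += 1
        if self.count[key] > MAX_REQUESTS:
            # Too many requests: lock this key and reset its counter.
            self.locked_until[key] = now + LOCKOUT_SECONDS
            self.count[key] = 0
            return "locked"
        return "otp_sent"

def register(limiter, number, device, now, otp_ok, pin_ok):
    """Registration order from the page: OTP first, Two-Step PIN second."""
    if limiter.request_otp(number, device, now) == "locked":
        return "blocked_before_pin"      # the PIN is never asked for
    if not otp_ok:
        return "otp_failed"
    return "verified" if pin_ok else "pin_failed"

def simulate(key_fn):
    """Repeated requests from an unknown device, then the owner tries to log in."""
    limiter = OtpLimiter(key_fn)
    number = "+10000000000"              # constructed sample number
    for t in range(MAX_REQUESTS + 1):
        limiter.request_otp(number, "unknown-device", now=t)
    # The owner knows both the OTP and the PIN.
    return register(limiter, number, "owner-device", now=60,
                    otp_ok=True, pin_ok=True)

# Limit keyed on the number alone: the owner is locked out too.
by_number = simulate(lambda number, device: number)
# Limit keyed on (number, device): only the requesting device is locked.
by_number_and_device = simulate(lambda number, device: (number, device))

if __name__ == "__main__":
    print(by_number, by_number_and_device)
```

The second keying is only a sketch of the design choice: a real service would still need a per-number cap on SMS volume and on OTP guesses.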
What can you do from your end?
WhatsApp has not yet provided a solution, but you can report any unexpected OTPs for WhatsApp verification. If you receive an OTP that you did not request, you can contact WhatsApp at [email protected].