
In the first stage, the attacker only needs to install WhatsApp on a smartphone and try to log in with the target phone number. The messenger sends SMS messages with a confirmation code to that number, and the attack relies on the owner of the number ignoring them. After several such attempts, the application on the attacker’s device reports that authorization has been attempted too often and allows the next attempt only after 12 hours. Meanwhile, WhatsApp on the victim’s device continues to work as before.
Notification that authorization is impossible due to an excessive number of attempts
In the second stage, the attacker registers a new email address and writes to WhatsApp technical support, claiming that his account has been lost or stolen. He asks for it to be turned off and gives the victim’s number. WhatsApp may send an automatic email asking for the number to be written again, and the attacker does so.
Letter to WhatsApp technical support with a request to block
Next, WhatsApp initiates the blocking procedure without making sure that the real owner of the account wrote to technical support. After about an hour, the messenger suddenly stops working on the victim’s device, and the victim sees a message that the number is no longer registered in the system. “It could have happened because you registered it on another phone. If you have not done so, please confirm your phone number to log in to your account again,” the notification will say.
WhatsApp reply with confirmation of the request
All of this works even if the user has activated two-factor authentication. An attempt by the victim to request a new code will fail: WhatsApp will allow this only after 12 hours.
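The owner's request fails because the 12-hour wait is tied to the phone number, so requests made from any device use up the owner's allowance. The sketch below is an added example, not WhatsApp's code or anything from the original article: a simplified limiter model that compares a counter keyed on the number alone with one keyed on number and requesting device. The class and function names, the threshold of 3 and the sample number are assumptions.

```python
# Simplified model of a verification-code limiter; not WhatsApp's code.
LOCKOUT_SECONDS = 12 * 60 * 60   # 12-hour wait, as reported in the article
MAX_REQUESTS = 3                 # assumed threshold; the article says "several"


class CodeRequestLimiter:
    """Counts code requests and locks the key out once the threshold is hit."""

    def __init__(self, per_device):
        self.per_device = per_device
        self.counts = {}        # key -> requests in the current window
        self.locked_until = {}  # key -> time (seconds) when the lockout ends

    def _key(self, number, device):
        # Keying on the number alone lets any requester consume the owner's quota.
        return (number, device) if self.per_device else (number, None)

    def request_code(self, number, device, now):
        """Return seconds to wait; 0 means a code would be sent."""
        key = self._key(number, device)
        remaining = self.locked_until.get(key, 0) - now
        if remaining > 0:
            return remaining
        if key in self.locked_until:      # lockout expired: start a new window
            del self.locked_until[key]
            self.counts[key] = 0
        self.counts[key] = self.counts.get(key, 0) + 1
        if self.counts[key] > MAX_REQUESTS:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            return LOCKOUT_SECONDS
        return 0


def owner_wait_after_foreign_requests(per_device):
    """Replay the reported sequence and return the owner's wait in seconds."""
    limiter = CodeRequestLimiter(per_device)
    number = "+10000000000"                 # constructed placeholder number
    for second in range(MAX_REQUESTS + 1):  # requests from an unknown device
        limiter.request_code(number, "device-unknown", now=second)
    # One hour later the owner's session is gone and the owner asks for a code.
    return limiter.request_code(number, "device-owner", now=3600)
```

A real service would still need a separate cap on messages sent per number; the point of the model is only that the owner's recovery path should not share a counter with unverified requesters.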
Bonus stage and complete blocking
If the attacker decides to stop at the second stage, the only consequence is that the user cannot connect to WhatsApp with his number for several hours. After a maximum of 12 hours, the user will be able to regain control of the account and keep using the messenger until someone decides to repeat the blocking “trick”.
There is, however, an additional, third stage that leads to complete blocking of the account.
This stage can actually take the place of the second: the attacker does not have to write to WhatsApp support, he can simply wait 12 hours and then again make several attempts to register someone else’s number on his phone. After the third 12-hour blocking, WhatsApp breaks down, and instead of a timer counting down the time until the next authorization attempt, it shows “-1 second”, and does so permanently. This is a glitch in the messenger that cannot be bypassed.
Hanging timer on the phones of the victim (left) and the attacker
The same picture appears both on the attacker’s device and on the victim’s smartphone, and as a result no one will be able to log in to the messenger with this phone number any more. The only thing left is to contact WhatsApp technical support and look for a solution to the problem.
WhatsApp does not solve the problem
An article in Forbes shedding light on the new issue in WhatsApp was published on April 10, 2021. By April 13, 2021, the developers had not released an update that fixes it and had not set a timeline for its release.
Instead, they are preparing for the implementation of a new privacy policy, according to which the messenger will automatically transfer huge amounts of personal data of users to Facebook for better ad targeting.
WhatsApp intended to introduce this policy on February 8, 2021, but was forced to temporarily abandon this idea due to a barrage of criticism. The new date of its entry into force is May 15, 2021, and all those who are not going to agree with it will face a very serious punishment.
In February 2021, CNews wrote that those who disagree with the new WhatsApp privacy policy will no longer be able to send and receive text messages. The developers will leave them with only voice calls. Moreover, the profiles of those users who stop using WhatsApp and switch to other messengers are guaranteed to be completely deleted.
Other WhatsApp problems
WhatsApp is known not only for being used by billions of people, but also for not always valuing its users. For example, in June 2020, it became known that some phone numbers associated with WhatsApp user profiles had been in the public domain for a long time and had even appeared in Google search results. In total, Google could be used to find the numbers of up to about 300 thousand messenger users, and the problem was global in nature.
WhatsApp is still in first place in terms of the number of users
In November 2019, CNews reported that WhatsApp users were being automatically and permanently blocked for participating in harmless group chats. It turned out that sanctions could follow from changing the name of a chat to something that the service’s moderators would consider sinister, illegal or malicious.
At the same time, WhatsApp was in no hurry to fix this failure. To all inquiries from victims about the reasons for the blocking, the messenger’s employees answered that the users themselves had violated the rules of the service and that the blame for the blocking lay solely with them. As a result, people had to either change their phone number to register a new profile or move to other services such as Telegram, Viber, Signal and others.
Thanks for your attention!