The attack can be carried out as literally anyone can install WhatsApp on their device and enter in a mobile number belonging to someone else during the initial account set-up process. If someone does this, then you will receive texts and calls from WhatsApp giving you a crucial six-digit code needed to complete the setup process.
Unless a hacker someone manages to get you to send across this code, the likelihood of them managing to guess it is nigh-on impossible. So what would happen is an attacker would attempt to enter in this crucial code, and keep on failing.
READ MORE: WhatsApp wants to end nightmare of switching from iPhone to Android
Instead of being told that new set up codes can be created in 12 hours time, WhatsApp tells a user to try again in minus one seconds.
If the attack has progressed to this point, and the attacker has messaged WhatsApp support before a victim has, then the target will face a major headache trying to retrieve their account. Researchers said by this point it’s “too late” and instead of dealing with an automated help system a victim will have to try and track down someone to speak to in person.
Speaking about the threat, ESET’s Jake Moore said: “This is yet another worrying hack, one that could impact millions of users who could potentially be targeted with this attack. With so many people relying on WhatsApp as their primary communication tool for social and work purposes, it is alarming at what ease this can occur.”
While a WhatsApp spokesperson said “providing an email address with your two-step verification helps our customer service team assist people should they ever encounter this unlikely problem. The circumstances identified by this researcher would violate our terms of service and we encourage anyone who needs help to email our support team so we can investigate.”
This article originally appeared on Daily Express :: Tech Feed