New WhatsApp Vulnerability Could Compromise Your 2FA Codes On iOS And Android

WhatsApp launched a two-factor verification service for its billions of users back in 2017. With this authentication method, the company aimed to add an extra level of security to the messaging application.

In other words, whenever you need to set up WhatsApp on a new phone, you will receive a one-time password for verification purposes. So, the OTP sent to your registered number ensures that others can’t access your WhatsApp account in any way.

WhatsApp has always been criticized for bugs and vulnerabilities in its messaging service. As per the WABetaInfo report, someone found a new vulnerability in the Android and iOS versions of WhatsApp. The user discovered that the two-factor authentication passcode was stored in a plain text file.

Since the file is saved only in the sandbox, it is not accessible to other third-party applications. Moreover, the file is also not stored in the regular WhatsApp backups.

Here’s how WhatsApp keeps the two-factor authentication passcode in a plain text file. You can see that the files are stored in a private container.

The Vulnerability Also Exists On Android Devices

The passcode text file is also visible on rooted Android devices. This means that other apps with root permissions can access and read the file.

An Android user posted a screenshot explaining that anyone can access the unencrypted text file.

It is worth mentioning that third-party applications or intruders can’t simply use the 2FA code to access your WhatsApp account. A six-digit PIN code that is sent to your registered phone number is also needed. So, users should not worry about getting hacked.

According to WABetaInfo, because some iOS versions may have certain vulnerabilities, the company shouldn’t leave the file unencrypted. WhatsApp should therefore patch the issue so that the app stores the passcode in encrypted form.

Alex Schoff


Alex is a technology reporter with a particular interest in Microsoft and Windows. He keeps a close eye on major developments related to Windows 10, Google Chrome, Office 365, and more.