Skip to main content

Featured Post

AMD to invest $400 million in India by 2028: Here’s what we know

US chipmaker Advanced Micro Devices said on Friday it will invest around $400 million in India over the next five years and will build its largest design center in the tech hub of Bengaluru. AMD’s announcement was made by its Chief Technology Officer Mark Papermaster at an annual semiconductor conference that started Friday in Prime Minister Narendra Modi’s home state of Gujarat. Other speakers at the flagship event include Foxconn Chairman Young Liu and Micron CEO Sanjay Mehrotra. Despite being a late entrant, the Modi government has been courting investments into India’s nascent chip sector to establish its credentials as a chipmaking hub. AMD said it will open its new design centre campus in Bengaluru by end of this year and create 3,000 new engineering roles within five years. “Our India teams will continue to play a pivotal role in delivering the high-performance and adaptive solutions that support AMD customers worldwide,” Papermaster said. The new 500,000-square-foot (55,5...
1 comment
Read more
Labels

Beware! New WhatsApp flaw lets anyone suspend your account using your phone number

A new flaw that lets anyone completely suspend a user’s WhatsApp account without consent has been discovered. All that the attacker will need to execute the attack will be the user’s phone number. The loophole was discovered by security researchers, Luis Márquez Carpintero and Ernesto Canales Pereña, and was first reported by Forbes.

However, do keep in mind that the attacker can only block a user from their WhatsApp account and not gain access to their account, so private chats and contacts should not be exposed. So, what is the new WhatsApp flaw and how does it work? We take a look:

WhatsApp flaw lets anyone suspend user’s account using their phone number

To implement this, attackers first download WhatsApp on their device and try logging in with the phone number of the victim. Thanks to two-factor authentication, which is constantly sending SMS codes or calls to the victim’s phone number, the attackers are not able to log in and put in the wrong codes.

Given WhatsApp only sends a limited number of codes and due to several repeated and failed attempts, the login is locked for 12 hours. This means neither the victim nor the attacker can log in to the WhatsApp account.

The next part is where it gets interesting. The attacker then registers a new email address and sends an email to support@whatsapp.com requesting to deactivate the number (victim’s phone number), citing lost/stolen phone as the reason.

“So, to be very clear. WhatsApp has received an email referencing your phone number. They have no way of knowing whether this is really from you. There are no follow-up questions to confirm your ownership of the number. But an automated process has been triggered, without your knowledge, and your account will now be deactivated,” as per the Forbes report. 

Within an hour or so, the victim will possibly get a message saying their account has been deactivated as their phone number is no longer registered with WhatsApp on the phone. “This might be because you registered it on another phone. If you didn’t do this, verify your phone number to log back into your account.”

As of now, it is unclear if the loophole is being used to exploit WhatsApp users. “A representative said that providing an email address with your two-factor authentication credentials can help avoid this hypothetical scenario, but that still puts the responsibility on WhatsApp for actually following its own best practices,” a WhatsApp representative told Android Police.



from BGR India https://ift.tt/3d92kSa
via IFTTT
Email Post
Labels:

Comments

Post a Comment

add