WhatsApp released a two-factor verification feature for its billion users in 2017. The company intended it to add extra security to messages: when a user sets up WhatsApp on a new device, a one-time password is sent for verification.
The OTP sent to your registered number guarantees that no one else can access your WhatsApp account. So, what can be wrong with the messaging app? Over time, the messaging service has repeatedly been criticized for its vulnerabilities and bugs. A recent report, however, calls the handling of WhatsApp's 2FA authentication passcode into question.
WhatsApp Faces New Vulnerability
WABetaInfo reported that there is a new WhatsApp vulnerability in the iOS and Android versions. The 2FA authentication passcode was apparently stored in a plain text file. The data is saved in the app's sandbox, making it inaccessible to other third-party apps, and the file is not stored at all in the regular WhatsApp backups. WABetaInfo explained: “Being into the sandbox, no other apps can read that file, but there are some cases that should force to encrypt the 2FA code.”
The passcode text file can be visible on rooted iOS and Android devices. If other apps obtain root permissions, they can access the data and read it. Many Android users reported the issue and posted screenshots showing that anyone can access the plain text file.
Even so, intruders or third-party apps can't use the 2FA code to access a WhatsApp account, because, as mentioned at the beginning, a six-digit PIN code is also needed. So you shouldn't worry about being hacked. Some iOS versions have vulnerabilities too, and WhatsApp shouldn't leave the file unencrypted, according to WABetaInfo. Therefore, WhatsApp might patch the issue so that the app stores the passcode in encrypted form.