Disclaimer: This article is for educational and legal purposes only. We do not promote or support any illegal activities
Yes, you read that right, this is not clickbait. I discovered a WhatsApp bug in its two-step verification that lets you bypass the security feature. I stumbled upon it completely by accident a few months ago.
WhatsApp Bug in Two-Step Verification
Two-step verification in WhatsApp prevents strangers from accessing your account if they get your phone. It doesn’t appear every time you open WhatsApp, but it does appear almost every time you log in on a new phone. Let’s first look at how it works before we explore the flaw.
How WhatsApp’s Two-Step Verification Works
The check triggers only when you directly interact with the app for example, when logging into WhatsApp on your phone or when the two-step verification prompt appears. WhatsApp assumes users will interact only through its official app, not via other software.
The Logic Flaw Behind WhatsApp’s Security Check
This assumption leaves a loophole. If someone interacts with WhatsApp through a third-party app, the two-step verification screen doesn’t appear. In this case, an attacker could read messages, send replies, and perform normal actions without entering the PIN. The flaw might be linked to the splash screen, which seems to control the verification trigger.
The Incident
One day, I opened my mother’s WhatsApp to send a PDF. The two-step verification screen appeared, blocking me. She was busy, so I didn’t want to disturb her. Out of curiosity, I opened the file manager, selected the PDF, and used the share button to send it directly to WhatsApp.
To my surprise, I bypassed the two-step verification completely. I could send the PDF, open chats, read messages, and even reply all without entering the PIN. The moment I closed WhatsApp and reopened it, the verification screen came back.
This means you can bypass two-step verification by sending something externally into WhatsApp. I reported the bug to WhatsApp immediately, but their response was less enthusiastic than I expected.
Video Proof
Conclusion – Is the WhatsApp Bug Fixed?
This WhatsApp bug in two-step verification allowed me to bypass a core security feature. I found it about a year ago, so it’s possible WhatsApp has already patched the flaw.
Either way, this shows how even big apps can have simple, overlooked loopholes. Stay tuned for more discoveries. follow our blog for updates.
🔎 You May Also Like
- Information Disclosure
- Types Of Hackers
- OWASP Juice Shop | Part 1 – ScoreBoard Solution
- OWASP Juice Shop | Part 2 – Bully Chatbot