It works as follows: the attacker downloads WhatsApp to a new device and enters the number of the user he wants to block, posing as his own. At this time, login codes are sent to the user’s smartphone using two-factor authentication. Of course, an attacker will not be able to view them, but making unsuccessful attempts to enter is quite. Subsequently, after a series of unsuccessful attempts, the user’s login will be blocked for 12 hours.
Moreover, the attacker can then contact the support of the messenger from his e-mail, posing as a user, report the loss or theft of the smartphone, and ask to block it. WhatsApp then “verifies” this information by sending a response email and blocks the account. It is worth noting that although the problem is serious, it cannot lead to the fact that user chats will be available to attackers.