News18 : Jan 27, 2020, 04:56 PM
Jeff Bezos is in the news. Saudi Crown Prince Mohammed Bin Salman is in the news. Why? Because, WhatsApp. Now, whether the Saudi Crown Prince had anything to do with the alleged hacking of Bezos’ WhatsApp or not, there remains no doubt that the Facebook owned WhatsApp has some serious privacy and security issues. This isn’t the first time it has happened either, as the past 12 months or so would testify. That puts its more than 1.6 billion users at risk. Including you. And here is what you should do with WhatsApp on your phone. Believe me, you have not done this already. Just do it!Open WhatsApp on your phone and go to Settings -> Account -> Two-Step Verification and tap on Enable. This will allow you to create a six-digit PIN which you will have to punch in any time you want to set up WhatsApp on any phone. This is separate from the verification code that you may get via SMS at the time of logging into WhatsApp for the first time on a phone. After setting up this PIN, you can also optionally enter an email address which will allow WhatsApp to send you a link to reset the two-step verification in case you forget the six-digit PIN.
But why do you need this? All it takes is a hacker to get control of one WhatsApp account to be able to replicate the same hacking technique on pretty much everyone else in your WhatsApp contacts list and groups. The way these work is that a hacker will try to authenticate the WhatsApp accounts of other users on a device that he or she may have, and for that, the first time verification PIN will be sent by SMS—and the hacker will send a harmless looking message from the person whose account has been hacked to everyone in the groups to forward the message they receive. The moment you do, believing it is your friend who is messaging (who isn’t—actually, the friend doesn’t even know this is happening) and you may forward that message anyway. Armed with the first layer authentication PIN, a hacker is then able to take charge of other WhatsApp accounts.Now, at this stage, if you have the two-step verification enabled, a hacker will be unable to actually set up your WhatsApp account, because they will not have this six-digit pin which you created as a second line of defense. A user whose account has been hacked will only know when they actually open WhatsApp and they receive a pop-up saying that their WhatsApp account has shifted to another device and they need to re-verify here to continue. And that can get messy.
Also do keep in mind that if you get an email from WhatsApp saying that you have requested to disable the two-step verification, but you didn’t do it, do not click on that link. It is someone trying to hack into your account.
Do remember that this PIN is important. WhatsApp says that if you have two-step verification enabled, your number will not be permitted to reverify on WhatsApp within 7 days of last using WhatsApp without this PIN in case you don’t remember it anymore. That is why it is important to provide an email address to disable two-step verification. After these 7 days, you can again reverify your WhatsApp account without the two-step verification PIN, but you'll lose all pending messages which will have been deleted.
But why do you need this? All it takes is a hacker to get control of one WhatsApp account to be able to replicate the same hacking technique on pretty much everyone else in your WhatsApp contacts list and groups. The way these work is that a hacker will try to authenticate the WhatsApp accounts of other users on a device that he or she may have, and for that, the first time verification PIN will be sent by SMS—and the hacker will send a harmless looking message from the person whose account has been hacked to everyone in the groups to forward the message they receive. The moment you do, believing it is your friend who is messaging (who isn’t—actually, the friend doesn’t even know this is happening) and you may forward that message anyway. Armed with the first layer authentication PIN, a hacker is then able to take charge of other WhatsApp accounts.Now, at this stage, if you have the two-step verification enabled, a hacker will be unable to actually set up your WhatsApp account, because they will not have this six-digit pin which you created as a second line of defense. A user whose account has been hacked will only know when they actually open WhatsApp and they receive a pop-up saying that their WhatsApp account has shifted to another device and they need to re-verify here to continue. And that can get messy.
Also do keep in mind that if you get an email from WhatsApp saying that you have requested to disable the two-step verification, but you didn’t do it, do not click on that link. It is someone trying to hack into your account.
Do remember that this PIN is important. WhatsApp says that if you have two-step verification enabled, your number will not be permitted to reverify on WhatsApp within 7 days of last using WhatsApp without this PIN in case you don’t remember it anymore. That is why it is important to provide an email address to disable two-step verification. After these 7 days, you can again reverify your WhatsApp account without the two-step verification PIN, but you'll lose all pending messages which will have been deleted.