Thursday September 19, 2024

Advisory ID: NCC-CSIRT-040423-018

Summary:  WhatsApp is one of the most popular and widely recognized messaging apps. It is free to use, has a mature mobile app, and supports audio and video calls. Whether you rely on WhatsApp for all of your messaging or only use it occasionally, we recommend enabling its two-step verification (WhatsApp's name for two-factor authentication, 2FA). Once enabled, a PIN of your choosing must be entered whenever your phone number is registered with WhatsApp on a new device, adding a second layer of protection to your account.

Vulnerable Platform(s): All Operating Systems

Threat Type:  N/A

Product:  WhatsApp

Version:  All Versions

Description:  Two-factor authentication (2FA) is an identity and access management control that requires two independent proofs of identity before access to a resource is granted. Its value is that a single compromised factor (a leaked password, an intercepted one-time code) is no longer enough on its own for an attacker to get in. A WhatsApp account is tied to a phone number, and by default the only check when that number is registered on a new device is a one-time code delivered by SMS or voice call. An attacker who can read or redirect that code, for example by taking over the victim's phone number or by tricking the victim into forwarding the code, can take over the account. WhatsApp's popularity as a Meta-owned service makes it a prime target for such attempts. To counter this, WhatsApp offers two-step verification: a PIN that is also required when the number is registered. The feature is optional, but we recommend that all users enable it.

Consequences:  Account Takeover

Impact/Probability: HIGH/MEDIUM

Solution:

To enable two-step verification on WhatsApp, follow these steps:

1.  Open WhatsApp

2. Tap Settings

3. Tap Account

4. Tap Two-Step Verification

5. Tap Enable

6. Enter the six-digit PIN you wish to use

7. Tap Next, then enter it a second time to confirm it.

8. Tap Next

9. Add an email address (optional, but recommended: WhatsApp sends a PIN reset link to this address if you forget your PIN).

10. Tap Next

How to Change Your WhatsApp PIN or Email Address

Do this whenever you suspect your PIN is easy to guess or that someone else has learned it. Keep the registered email address current and protect that mailbox with its own 2FA: the PIN reset link is sent there, so anyone who controls the mailbox can reset your WhatsApp PIN. If you do not register an email address and forget your PIN, you will have to wait seven days before WhatsApp allows you to reset it.

1. Tap Settings > Account > Two-Step Verification.

2. Tap Change PIN or Change Email Address. 

3. Enter your new PIN or email address, then tap Next.  

4. Your PIN or email address is now changed.  

References: 

https://www.lifewire.com/how-to-use-two-step-verification-2fa-in-whatsapp-4782837

https://www.microsoft.com/en-us/security/business/security-101/what-is-two-factor-authentication-2fa

https://www.androidpolice.com/whatsapp-would-please-you-enable-2fa/

https://faq.whatsapp.com/1278661612895630