Jump to content

Search the Community

Showing results for tags 'whatsapp'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 61 results

  1. On the same day Facebook has said it will expand its WhatsApp messaging product to include Facebook and Instagram, the popular encrypted messaging service got endorsed by an unlikely source: Roger Stone. "Want to talk on a secure line — got Whatsapp?" Stone asked a Trump campaign supporter in October 2016, before allegedly telling the supporter about forthcoming damaging material on Hillary Clinton, according to an indictment released Friday. Stone presumably favored WhatsApp because it's one of a very few services that offer "end-to-end encryption" on both messages and phone calls, as well as communications that include photographs and documents. This means messages sent via the platform are scrambled so that only the sender and receiver can view them on their respective devices, making it almost impossible for outsiders to monitor communications. Even the information about who's on the other end of the line is obscured from view, so outsiders can't easily scan carrier records or internet service provider records to discover that two parties were in touch. WhatsApp voice calls, which appear to be what Stone was allegedly proposing, are similarly encrypted. Somebody within earshot could hear the conversation, but the data making up the voices on the call are encrypted in transit, and prying parties trying to tap any line in between would likely be unable to monitor the scrambled content of the conversation. This may not work, however, if either party is running an old version of the application, so it's not foolproof. These features have made WhatsApp a favorite of many people who wish to keep their communications under an additional layer of privacy. They include criminals and terrorists — but also people who simply enjoy privacy, and even cybersecurity expertsbattling criminals. Security professionals often use applications like WhatsApp to communicate "out of band" — in other words, off official work channels — about investigations that they need to keep private internally. It's unclear from Stone's indictment whether any of the communications cited were actually conducted via WhatsApp or came from other channels. But even if WhatsApp had been used, the special counsel investigation so far has shown these communications are recoverable in some circumstances, as they apparently have for Michael Cohen and Paul Manafort. For instance, if somebody on either end of the conversation willingly gives up the information, or it's stored on a device that's not password-protected and belongs to one of the parties, then it's possible for an outsider to see what was discussed. Competitors in the encrypted communications space — including my favorites, Wickr and Signal — offer similar advantages with some added security benefits as well. For instance, Wickr lets you thoroughly destroy old messages and make encrypted video calls and voice memos, and Signal offers simple group messaging and lets you set a time limit on when to destroy messages. WhatsApp may face an uphill battle in continuing to appeal to those seeking heightened access to private communication channels, as Facebook links its other products to the application. Source
  2. Post a comment Facebook Facebook to merge WhatsApp, Messenger, Instagram messaging The company wants to make it possible to send messages among the services while keeping the brands separate. Facebook plans to create a single underlying messaging platform for WhatsApp, Messenger and Instagram, a move that would allow users to send messages across the three standalone apps. The three apps will remain separate, but they'll be brought together under a single messaging platform or protocol. The changes would make it possible to send messages from one of the company's chat systems to another -- so you could speak to your Messenger-only friends without leaving WhatsApp. Facebook said it's still figuring out the details, but the apps would include end-to-end encryption, which ensures that only the participants of a conversation can view the messages being sent. The tech firm, which has faced a series of scandals over data misuse and privacy, plans to finish this work by the end of this year or early 2020, according to The New York Times, citing four people working on the project. "We want to build the best messaging experiences we can; and people want messaging to be fast, simple, reliable and private," a Facebook spokesperson said in a statement. "We're working on making more of our messaging products end-to-end encrypted and considering ways to make it easier to reach friends and family across networks." The strategy also highlights how Facebook CEO Mark Zuckerberg is exerting more control over the companies Facebook acquired for billions of dollars. Facebook purchased WhatsApp for $19 billion in 2014 and Instagram for $1 billion in 2012. Some of these founders reportedly have butted heads with Zuckerberg and left the company. That list of departures includes Instagram co-founders Kevin Systrom and Mike Krieger, WhatApp's Brian Acton and Jan Koum and Oculus co-founders Palmer Luckey and Brendan Iribe. Integrating the apps could help Facebook make more money from ads by getting its users to spend more time texting in its chat apps rather than turning to other texting services by Apple and Google, according to people who spoke to the Times. But the changes might not sit well with some Facebook users, who have become more wary about the data the company shares with other tech firms following a number of scandals. Last year, revelations surfaced that UK political consultancy Cambridge Analytica harvested the data of up to 87 million Facebook users without their permission. It's unclear what user information will be shared among Facebook Messenger, Instagram and WhatsApp. Facebook is expecting messaging to play a much bigger role in its future. In October, Zuckerberg said a growing number of users are shifting from posting publicly to sharing privately in messaging apps. Source
  3. In-short conclusion—Whatsapp service or its 45-days deletion policy doesn't seem to have a bug. For detailed logical explanation, please read below. An Amazon employee earlier today tweeted details about an incident that many suggests could be a sign of a huge privacy bug in the most popular end-to-end encrypted Whatsapp messaging app that could expose some of your secret messages under certain circumstances. According to Abby Fuller, she found some mysterious messages on WhatsApp, notably not associated with her contacts, immediately after she created a new account with the messaging app on her brand new phone using a new number for the very first time. Fuller believes that the mysteriously appeared content on her new account was the message history associated with the WhatsApp account of the previous owner of the same SIM/mobile number, which WhatsApp pushed to her phone. Since for WhatsApp, your phone number is your username and password is the OPT it sends to that number, it's not a vulnerability. This is how the service works. In a blog post, WhatsApp has explicitly mentioned that it's a "common practice for mobile providers to recycle numbers, you should expect that your former number will be reassigned." In her tweets, Fuller said that the appeared chat history was "not FULL, but definitely actual threads/DM conversations," she has yet to confirm if those messages also included any message sent by the previous SIM owner. However, to my knowledge, setting up WhatsApp on a new device using a new phone number could not restore full message archive of the previous owner because the company never backs up your encrypted conversations on its server. However, it keeps pending messages on its server until delivered to the recipients when they come back online. This suggests that the messages Fuller found on her newly created Whatsapp account were probably only the undelivered messages sent by the contacts of the previous owner after he/she stopped using that SIM number. Moreover, to prevent your previous messages from landing onto others device, WhatsApp recommends users to either delete their account before stop using a SIM or mitigate the WhatsApp account with "Change number" feature available in the app settings. Besides this, in case you forget to delete your old account, WhatsApp automatically deletes undelivered messages from its servers 45 days after you stay offline, preventing the new owner of your old number from receiving those messages. However, Fuller claimed that she owns her new phone number from many months, i.e., more than 45 days, and may be due to some bug due to which WhatsApp failed to delete those messages from its server that were associated with the previous SIM owner. Here's What Could Have Happened A few tech sites and users on Twitter, Reddit currently suggesting that WhatsApp "45-day message deleting mechanism" contains a bug that eventually is keeping undelivered messages stored on the company server for a longer period after the recipients stop using their accounts. However, they all missed an important fact here — You don't need your SIM to keep using your WhatsApp account, once configured on the phone. That means, it is likely possible that the old owner of that SIM was still using his WhatsApp account after dumping the SIM number until Fuller recently configured the same number and verified the account using the OPT received on her phone. So, with high confidence, we can say that the messages appeared on the Fuller phone were only some recently undelivered messages that the old user was supposed to receive when online this morning. What About the WhatsApp Encryption Keys? Lastly, if you are thinking how a new user with a new WhatsApp private key on her phone was able to receive/read messages that were actually end-to-end encrypted using the private keys of the previous owner, you should read our previous article here. This story also highlights the privacy threat a Guardian reporter raised two years ago in the way WhatsApp implemented the protocol, wherein the company, by default, trusts new encryption keys broadcasted by a contact and uses it to automatically re-encrypt undelivered messages and send them to the recipient without informing or leaving an opportunity for the sender to verify the recipient. We have contacted the WhatsApp team and waiting for their comment. We'll update the story as soon as we heard back from them. Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group. Source
  4. WhatsApp could soon be challenged by two popular rivals Statista claimed as of October last year WhatsApp had 1.5billion active users (Image: Getty • WhatsApp) WHATSAPP could soon face radical competition from two other popular applications that are used for conversing with others, it has emerged. WhatsApp is the most popular chat client in the world, surpassing the likes of Facebook Messenger, WeChat and Skype in terms of active monthly users. In fact, Statista claimed as of October last year the app had 1.5billion active users. In comparison, Facebook Messenger was said to have 1.3billion in the same period. One of the reasons for WhatsApp's laudable success is surely its consistent stream of updates that add new features on a regular basis. Last year one of the biggest features to arrive on the client was the addition of group calling that allowed up to four people, including the person that initiated the call, to chat with one another. Discussing the feature at the time, WhatsApp said: "You can make a group call with up to four people total - anytime and anywhere. "Just start a one-on-one voice or video call and tap the new 'add participant' button in the top right corner to add more contacts to the call. "Group calls are always end-to-end encrypted, and we've designed calling to work reliably around the world in different network conditions." But now it appears such a feature is going to be challenged by Google Duo that looks set to deliver group calling for up to eight people at once. Android Police, courtesy of an anonymous source, recently posted alleged screenshots of such a feature being harnessed. The outlet insisted the tool can be used after a group has been made in the app with all the contacts the user wants to speak with. It added there does not currently appear to be a way for participants to be added during a group call, meaning everyone needs to join at the start. A new dark mode for the app as also shown off that could make using Google Duo easier on user eyes overall. It is currently unclear when group calling and a dark mode will arrive for the Mountain View firm's app. Google Duo looks set to deliver group calling for up to eight people at once (Image: Google) Dark modes have become increasingly prominent in mobile applications, giving users more choice in how they want to view the software in question. Back in September WABetaInfo, an outlet renowned for digging through WhatsApp code to gain an insight into forthcoming features, stated a dark theme is being worked on for the app. However, it appears Facebook Messenger could beat WhatsApp to delivering such an aesthetic, according to a new leak. Twitter user Jane Manchun Wong recently postedimages of Facebook Messenger running a new dark mode and claimed the social media giant is "testing" the new feature in "certain countries". Although an exact release date for the feature has not been provided, the function was shown to be working as a user would expect, suggesting it may not be long before a mass rollout takes place. It is unknown when WhatsApp intends to deliver its own dark mode to users. Source
  5. Facebook-owned WhatsApp is being criticized for failing to curb the spread of child pornography on the messaging app. A report by two Israeli online safety groups, Netivei Reshet and Screensaverz, concluded that it was easy to find WhatsApp groups in which people shared images and videos of children being sexually abused. Some third-party apps that provide links to join WhatsApp groups have sections for adult content, which have been used to share child pornography on the platform, according to TechCrunch, which translated the report. The researchers contacted Facebook about the problem, but news outlets, including the Financial Times, found that several of the groups were still active on the platform. One child pornography group chat had 256 members from various countries, including the US, and was active earlier this week. The accounts in the group were later banned by WhatsApp, which also said it had been flagged internally before the Financial Times alerted the company. The two nonprofits discovered the child pornography groups during the summer after a man called a hotline to report them. A WhatsApp spokesperson said that the company "has a zero-tolerance policy around child sexual abuse." "We deploy our most advanced technology, including artificial intelligence, to scan profile photos and images in reported content, and actively ban accounts suspected of sharing this vile content," the spokesperson said. The company also responds to requests from law enforcement and reports abuse to the National Center for Missing and Exploited Children. WhatsApp recently banned roughly 130,000 accounts in 10 days for violating its rules against child sexual abuse. source
  6. After numerous infamous cases of people in India and Brazil falling prey to fake news spread on WhatsApp, the problem is now spreading to Nigeria. The West African nation is hosting its national elections in February next year, and a report from The Poynter Institute says its citizens are at risk of being conned by misinformation surrounding political parties – and it’s reaching people through WhatsApp. researcher Allwell Okpi found that rumors about ethnicities and political candidates often spread through WhatsApp in Nigeria, in local languages. According to the report, people using the Facebook-owned service often receive doctored or miscaptioned images. One of the prime examples included photos of Nigerian soldiers allegedly killed by the Boko Haram terrorist group. However, those turned out to be recycled photos from another incident which involved the Kenyan Army in Somalia. One recent false rumor was about where politicians stand on a semi-nomadic tribe clashing with indigenous tribes and Christian farmers. Another one claimed that a presidential candidate, Atiku Abubakar, couldn’t enter the US because of corruption charges. Such misinformation could color people’s opinions of political candidates and skew their decisions to vote in the upcoming elections. A recent survey indicated that 28 percent of people in Nigeria shared information which turned out to be bogus. The Facebook-owned chat application has taken some measures to battle fake news. It imposed a forward limit in India and Brazil to stop mass forwarding of messages. It even banned 100,000 accounts just before the elections in Brazil. In India, the company recently appointed a grievance officer and a company head. It’s taking a lot of effort to spread awareness offline as well through newspaper ads and theater. The company even launched a TV campaign today to warn people about misinformation. But as we noted, WhatsApp alone can’t be blamed for the spread of misinformation; it’s up to the government and the nation’s people to develop a culture of questioning the veracity of the information they receive through new channels of communication. While WhatsApp‘s had a tough 2018, next year will put it under more pressure because of the upcoming elections in India and Nigeria. It’ll be interesting to see if the company can figure out ways to battle the spread of fake news without breaking its end-to-end message encryption. Source
  7. Facebook, the parent company of WhatsApp, never made it clear how exactly it plans to put ads in WhatsApp but it has also never ruled out the possibility. David Fischer, Facebook's vice president of business and marketing partnerships, last month in an interview with Adweek had said that the company will figure out ways to bring ads to the chat app. It seems that it has finally figured it out. A WhatsApp spokesperson has confirmed Tech Crunch that the chat app is planning to run ads inside the Status tab of the app. To recall, 'Status' is the second tab you see in your WhatsApp window right between the 'Chats' and 'Calls' tabs. Similar to Snapchat Stories features, photos or video posted inside Status disappear after 24 hours. . "WhatsApp does not currently run ads in Status though this represents a future goal for us, starting in 2019 and not only that, we also move slowly and carefully and provide more details before we place any Ads in Status,"A whatsapp spokeperson by Tech crunch. According to WSJ, the popular chat app will start showing ads in its ‘Status’ feature from next year, much like another popular Facebook-owned property, Instagram, which shows ads in its ‘Stories’ section to generate revenues. According to the report, around 450 million people use WhatsApp Status, compared with about 400 million who use Instagram Stories. Revenues From WhatsApp Business The company has also revealed that from today, it has started charging big companies that use its service to interact with customers. As per its newly-adopted business model, the company has started charging the likes of Uber and Singapore Airlines (among others) to send their WhatsApp messages, updates and notifications to customers. Overall, the company says it has started off with around 100 companies, but expects to increase the scope and scale of the operations going forward. With a view towards monetizing its free service, WhatsApp last year had soft launched WhatsApp Business, which is aimed at corporates that want to use the popular instant messaging app to connect with their customers. Article Sources: indiatoday.in androidheadlines.com The Wall Street Journal beebom.com
  8. TextNow Dedicated Virtual Mobile Phone Number (USA) & Unlimited Free International Call to USA/Canada - UK Landline + Ability to Use Whatsapp Without SIM Card How is TextNow different from Whatsapp and Viber ? App Highlights Free Landline & Mobile call to USA/Canada (Tested to USA both Landline and mobile numbers) Free Landline to UK (Tested by myself) Sending Free SMS depending of the Country Zone... Receiving Verification Code: Currently Google & Microsoft Account verification code not working myself. Instruction: Signup for free during registration when you asked area code enter: 208 (That is the area code I can only get Whatsapp recognize the Phone Number) I got 2 Free USA Mobile Phone Number: (734) Whats up does not accept as a valid USA Number --> Got the number when ı enter Area cone 734 (208) Accepted number --> Have that number when I enter 555 during Area Code selection. Homepage:https://www.textnow.com/ Android:https://play.google.com/store/apps/details?id=com.enflick.android.TextNow&hl=en iTunes:https://itunes.apple.com/us/app/textnow-free-text-+-calls/id314716233?mt=8 Windows Phone:https://www.microsoft.com/en-us/store/p/textnow/9wzdncrfj38m (Android) TextNow – free text + calls PREMIUM v5.2.0 [Unlocked] Site: http://txt.do Sharecode[?]: /dtu7s ========================================================= How to Use WhatsApp Without Phone Number or SIM Via TextNow Method: In this method to use whatsapp messenger without sim verification, you need to install Textnow app on your android/ iPhone or windows phone. Using the Textnow number, you can install whatsapp without simcard. You need to have internet connectivity over wifi. Download Textnow app for your iPhone/Android/Windows phone. After installation, you will be provided with a Textnow number (when you asked area code enter: 208) We will use this number to run whatsapp without sim card. While setting up the whatsapp account, provide this Textnow number for verification. Then, wait for the Whatsapp sms verification to fail. You will be asked to verify your Whatsapp account via Call. Tap on the Call Me verification method You will get a call for the Textnow number, enter the interactive voice response Whatsapp verification code provided. Voila, you have installed whatsapp without sim using internet. Homepage:https://www.whatsapp.com/ Andrid:https://play.google.com/store/apps/details?id=com.whatsapp&hl=en iTunes:https://itunes.apple.com/tr/app/whatsapp-messenger/id310633997?mt=8
  9. Letter to judge reveals 731 pages of messages, call logs uncovered on one of two phones. Michael Cohen leaving the United States District Court Southern District of New York on May 30, 2018 in New York City. A letter today revealed that the FBI had recovered over 700 pages of messages and call logs from encrypted messaging apps on one of two BlackBerry phones belonging to Cohen. In a letter to the presiding judge in the case against Michael Cohen, President Donald Trump's long-time personal attorney, the US Attorney's Office for the Southern District of New York revealed today that it had obtained additional evidence for review—including a trove of messages and call logs from WhatsApp and Signal on one of two BlackBerry phones belonging to Cohen. The messages and call logs together constitute 731 pages of potential evidence. The FBI also recovered 16 pages of documents that had been shredded, but it has not yet been able to complete the extraction of data from the second phone. The letter to Judge Kimba Wood stated that "the Government was advised that the FBI’s original electronic extraction of data from telephones did not capture content related to encrypted messaging applications, such as WhatsApp and Signal... The FBI has now obtained this material." This change is likely because of the way the messages are stored by the applications, not because the FBI had to break any sort of encryption on them. WhatsApp and Signal store their messages in encrypted databases on the device, so an initial dump of the phone would have only provided a cryptographic blob. The key is required to decrypt the contents of such a database, and there are tools readily available to access the WhatsApp database on a PC. In a post to Twitter, attorney Michael Avenatti, who represents Stormy Daniels in her suit against Cohen over a nondisclosure agreement regarding her alleged sexual encounters with Donald Trump, crowed about the new evidence. The messages and logs were provided to Cohen's attorneys today. Cohen has until June 25 to review the materials and make any claims of attorney-client privilege; after that, any messages he claims are protected will be reviewed by the Special Master, retired federal judge Barbara Jones. Jones and Cohen's attorneys have already reviewed an initial collection of data from two phones and an iPad. Jones ruled that out of 291,770 total items from those devices, "148 items are Privileged and/or Partially Privileged and that 7 items are Highly Personal." But an additional 315 megabytes of data have been pulled from the first of the two BlackBerries, and its contents were delivered to Cohen's attorneys on June 14. An unknown amount of data remains on the second BlackBerry. "The Government will update the Court on the final BlackBerry extraction as soon as possible," US Attorney Robert Khuzami wrote in the letter to Judge Wood. Source
  10. (Reuters) — As Europe’s new privacy law took effect on Friday, one activist wasted no time in asserting the additional rights it gives people over the data that companies want to collect about them. Austrian Max Schrems filed complaints against Google, Facebook, Instagram and WhatsApp, arguing they were acting illegally by forcing users to accept intrusive terms of service or lose access. That take-it-or-leave-it approach, Schrems told Reuters Television, violates people’s right under the General Data Protection Regulation (GDPR) to choose freely whether to allow companies to use their data. “You have to have a ‘yes or no’ option,” Schrems said in an interview recorded in Vienna before he filed the complaints in various European jurisdictions. “A lot of these companies now force you to consent to the new privacy policy, which is totally against the law.” The GDPR overhauls data protection laws in the European Union that predate the rise of the internet and, most importantly, foresees fines of up to 4 percent of global revenues for companies that break the rules. That puts potential sanctions in the ballpark of anti-trust fines levied by Brussels that, in Google’s case, have run into billions of dollars. Andrea Jelinek, who heads both Austria’s Data Protection Authority and a new European Data Protection Board set up under GDPR, appeared to express sympathy with Schrems’ arguments at a news conference in Brussels. Asked about the merits of Schrems’ complaints, Jelinek said: “If there is forced consent, there is no consent.” Scourge of Facebook Schrems was a 23-year-old law student when he first took on Facebook and he’s been fighting Mark Zuckerberg’s social network ever since – becoming the poster-boy for data privacy. He won a landmark European court ruling in 2015 that invalidated a ‘safe harbour’ agreement allowing firms to transfer personal data from the EU to the United States, where data protection is less strict. With GDPR in mind, he recently set up a non-profit called None of Your Business noyb.eu (noyb) that plans legal action to blunt the ability of the tech titans to harvest data that they then use to sell targeted advertising. His laptop perched on the table of a traditional Viennese coffee house, Schrems showed how a pop-up message on Facebook seeks consent to use his data – and how he is blocked when he refuses. “The only way is to really accept it, otherwise you cannot use your Facebook any more,” Schrems explained. “As you can see, I have my messages there and I cannot read them unless I agree.” Erin Egan, Facebook’s chief privacy officer, said in a statement that the company has prepared for 18 months to ensure it meets the requirements of GDPR by making its policies clearer and its privacy settings easier to find. Facebook, which has more than 2 billion regular users, has also said that advertising allows it to remain free, and that the whole service, including ads, is meant to be personalized based on user data. “1,000-euro brick” Schrems said, however, that Instagram, a photo-sharing network popular with younger users, and encrypted messaging service WhatsApp – both owned by Facebook – also use pop-ups to gain consent and bar users who refuse. The action brought by noyb against Google relates to new smartphones using its Android operating system. Buyers are required to hand over their data or else own “a 1,000-euro brick” that they can’t use, Schrems said. Google did not immediately respond to a request for comment. Noyb is filing the four claims with data protection authorities in France, Belgium, Germany and Austria. Ensuing litigation may play out in Ireland, where both Facebook and Google have their European headquarters. One filing, made against Facebook on behalf of an Austrian woman, asks the country’s data protection authority to investigate and, as appropriate, prohibit data processing operations based on invalid consent. It also asks the regulator to impose “effective, proportionate and dissuasive” fines as foreseen by GDPR, which in Facebook’s case could run to 1.3 billion euros ($1.5 billion). “So far it was cheaper just to ignore privacy rights,” said Schrems. “Now, hopefully, it’s going to be cheaper to follow them because the penalties are so high.” Source
  11. WhatsApp cofounder Brian Acton expressed outrage at Facebook’s privacy policies last month by tweeting “It is time. #deletefacebook.” But WhatsApp’s Facebook-like group chat features also have design flaws that jeopardize user privacy. Maybe it’s also time to #DeleteWhatsApp. WhatsApp differentiates itself from parent company Facebook by touting its end-to-end encryption. “Some of your most personal moments are shared with WhatsApp,” the company writes on its website, so “your messages, photos, videos, voice messages, documents, and calls are secured from falling into the wrong hands.” But WhatsApp members may not be aware that when using the app’s Group Chat feature, their data can be harvested by anyone in the group. What is worse, their mobile numbers can be used to identify and target them. WhatsApp groups are designed to enable groups of up to 256 people to join a shared chat without having to go through a central administrator. Group originators can add contacts from their phones or create links enabling anyone to opt-in. These groups, which can be found through web searches, discuss topics as diverse as agriculture, politics, pornography, sports, and technology. Not all groups have links, but in those that do, anyone who finds the link can join the group. While all new joining members are announced to the group, they are not required to provide a name or otherwise identify themselves. This design could leave inattentive members open to targeting, as a new report from European researchers shows. The researchers demonstrated that a tech-savvy person can easily obtain treasure troves of data from WhatsApp groups by using nothing more than an old Samsung smartphone running scripts and off-the-shelf applications. This is not a security breach — the app is working exactly as designed. Kiran Garimella, of École Polytechnique Fédérale de Lausanne, in Switzerland sent me a draft of a paper he coauthored with Gareth Tyson, of Queen Mary University, U.K. titled “WhatsApp, doc? A first look at WhatsApp public group data.” It details how they were able to obtain data from nearly half a million messages exchanged between 45,794 WhatsApp users in 178 public groups over a six-month period, including their mobile numbers and any images, videos, and web links they had shared. The groups had titles such as “funny”, “love vs. life”, “XXX”, “nude”, and “box office movies”, as well as the names of political parties and sports teams. The researchers obtained lists of public WhatsApp groups through web searches and used a browser automation tool to join a few of the roughly 2,000 groups they found — a process requiring little human intervention and easily applicable to a larger set of groups. Their smartphone began to receive large streams of messages, which WhatsApp stored in a local database. The data are encrypted, but the cipher key is stored inside the RAM of the mobile device itself. This allowed the researchers to decrypt the data using a technique developed by Indian researchers L.P. Gudipaty and K.Y. Jhala. Note: The method Garimella and Tyson used only allowed them to access data posted to each of the groups after they’d joined them; they weren’t able to access any earlier data posted in the groups. The researchers’ goal was to determine how WhatsApp could be used for social-science research (they plan to make their dataset and tools publicly available after they anonymize the data). But their paper demonstrates how easily marketers, hackers, and governments can take advantage of the WhatsApp platform — with no contractual restraints and for almost no cost. This can have a much darker side. The New York Times recently published a story on the Chinese Government’s detention of human-rights activist Zhang Guanghong after monitoring a WhatsApp group of Guanghong’s friends, with whom he had shared an article that criticized China’s president. The Times speculated that the government had hacked his phone or had a spy in his group chat; but gathering such information is easy for anyone with a group hyperlink or access to a server. Earlier this year, Wired reported that researchers from Ruhr-University Bochum, in Germany, found a series of flaws in encrypted messaging applications that enable anyone who controls a WhatsApp server to “effortlessly insert new people into an otherwise private group, even without the permission of the administrator who ostensibly controls access to that conversation.” Gaining access to a computer server requires sophisticated hacking skills or the type of access only governments can gain. But as Wired wrote, “the premise of so-called end-to-end encryption has always been that even a compromised server shouldn’t expose secrets.” Researcher Paul Rösler reportedly said, “The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them. … If I hear there’s end-to-end encryption for both groups and two-party communications, that means adding of new members should be protected against. And if not, the value of encryption is very little.” Facebook and its family of companies are being much too casual about privacy, as we have seen from the Cambridge Analytica revelations, harming freedom and democracy. They need to be held to higher standards. Editor’s note: VentureBeat reached out to WhatsApp regarding the researchers’ findings, but the company did not provide a statement. Vivek Wadhwa is Distinguished Fellow at Carnegie Mellon University Engineering at Silicon Valley and author of The Driver in the Driverless Car: How Our Technology Choices Will Create the Future. Source
  12. Hello Gents, Press K (kick up my butt), if you reckon, I'm too unaware.. but I have my excuses- busy with work etc, so: (fed up having so many apps, conflicting contact issues etc), wonder, if somebody would have new (better) suggestions? Skype had it's glory days, but is too big, too unsafe, too much data FB Messenger is sort of "must", due to social interactions Like Telegram, but ever so few other users, also, it is not 100% as secure no more, What'sApp is OK, as there are some old contacts, sometimes handy, bhuuuttt Duo google product, expect to be failures, as per usual Hangouts- OK, just not sure if worth keeping it, as other apps-client do the same Thanks!
  13. ICO probe: No legal basis for Facebook slurps WhatsApp has agreed not to share users' data with parent biz Facebook after failing to demonstrate a legal basis for the ad-fuelling data slurp in the EU. The move comes after a years-long battle between the biz and European data protection agencies, which argued that changes to WhatsApp's small print hadn't been properly communicated and didn't comply with EU law. An investigation by the UK's Information Commissioner's Office, which reported today, confirmed the biz has failed to identity a legal basis for sharing personal data in a way that would benefit Facebook's business. Moreover, any such sharing would have been in breach of the Data Protection Act. In response, WhatsApp has agreed to sign an undertaking (PDF) in which it commits not to share any EU user data to any other Facebook-owned company until it can comply with the incoming General Data Protection Regulation. The ICO celebrated the deal as a "win for the data protection of UK customers" – a statement that Paul Bernal, IP and internet law expert at the University of East Anglia, said he agreed with only up to a point. "This is indeed a 'win', but a limited one," he told The Register. "It's only a commitment until they believe they've worked out how to comply with the GDPR – and I suspect they'll be working hard to find a way to do that to the letter rather than to the spirit of the GDPR." Using consent as the lawful basis? No dice At the heart of the issue is consent. In summer 2016, a privacy policy update said that, although it would continue to operate as a separate service, WhatsApp planned to share some account information, including phone numbers, with Facebook for targeted advertising, business analysis and system security. Although users could withhold consent for targeted advertising, they could not for the other two purposes – any users that didn't like the terms would have to stop using WhatsApp. The EU data protection bodies have previously said that this "like it or lump it" approach to service use doesn't constitute freely given consent – as required by EU rules. Similarly, they felt that WhatsApp's use of pre-ticked boxes was not "unambiguous" and that the information provided to users was "insufficiently specific". The ICO has also noted that matching account data might lead to "privacy policy creep", with further uses of data slipping into the Ts&Cs unnoticed by users. The investigation – which looked only at situations where WhatsApp wanted to share information with Facebook for business interests, not service support – confirmed concerns that the policy wasn't up to scratch. Information commissioner Elizabeth Denham said WhatsApp had not identified a lawful basis for processing, or given users "adequate fair processing information" about any such sharing. "In relation to existing users, such sharing would involve the processing of personal data for a purpose that is incompatible with the purpose for which such data was obtained," she said. She added that if the data had been shared, the firm "would have been in contravention of the first and second data protection principles" of the UK's Data Protection Act. WhatsApp has maintained that it hasn't shared any personal data with Facebook in the EU, but in a letter to the biz's general counsel Anne Hoge, Denham indicated that this had not been made clear at the outset. Denham wrote that the initial letter from WhatApp had only stated data sharing was paused for targeted ads. It was, she said, "a fair assumption for me to make" that WhatsApp may have shared data for the other two purposes, "but have at some point since that letter decided to pause" this too. However, she said that since WhatsApp has "assured" the ICO that "no UK user data has ever been shared with Facebook", she could not issue the biz with a civil monetary penalty and had to ask WhatsApp to sign the undertaking instead. Next up: Legitimate interests Denham's letter makes it clear that the companies will be working to make sure that data sharing can go ahead in a lawful way, particularly for system security purposes, for which it may consider using the "legitimate interests" processing condition. She noted that there would be "a range" of legitimate interests – such as fighting spam or for business analytics – but that in all cases it would need to show that processing was necessary to achieve it, and balance it against individuals' rights. Bernal said that if the biz had any plans to use the consent condition for processing, it "will need huge scrutiny". "It's almost impossible for most users to understand what they're really consenting to," he said. "And if ordinary users can't understand, how can they consent?" Jon Baines, data protection adviser at Mishcon de Reya, also noted that the fact WhatsApp had held its ground on what he described as a "key point" could put the ICO in a difficult position down the line. "It's very interesting that the ICO is classing this as a 'win', because – although on the surface it seems like a success – it's notable that WhatsApp have reserved their position on a key point, which is whether the processing in question falls under the UK's remit by virtue of the fact that it takes place in the UK on users' devices," he said. "Normally the effect of an informal undertaking will be to encourage a data controller voluntarily to take or cease action, to avoid the need for legal enforcement which would otherwise be available. "Here, should WhatsApp subsequently fail to perform the undertaking, the ICO might be compromised if there is no clear basis on which it can follow up with enforcement action." In a statement sent to The Register, WhatsApp emphasised the pause it had put on data sharing. "As we've repeatedly made clear for the last year we are not sharing data in the ways that the UK Information Commissioner has said she is concerned about anywhere in Europe." It added that it "cares deeply" about users' privacy and that "every message is end-to-end encrypted". Source
  14. WhatsApp has launched a separate app designed for use by small businesses to more easily connect with customers. WhatsApp Business adds key features like dedicated business profiles for details like email address, business description, store addresses, and website; smart messaging tools like greetings, quick replies, and away messages; and metrics for how many messages were sent, delivered, and read. For those who use a business number and a personal one, both the WhatsApp Business and WhatsApp Messenger apps can be used on the same device and registered with your different numbers. WhatsApp Business is also compatible with WhatsApp Web, the app’s desktop web browser client. The quick replies feature Business accounts will be clearly listed as such. WhatsApp says over time, businesses that have confirmed their account phone number matches their business one will receive a confirmation badge on their profile. That’s similar to WhatsApp adding green verification badges to select business accounts last year in the standard app. WhatsApp says other users can continue to use the standard app as usual and will still have full control over the messages they receive like blocking numbers and reporting spam. WhatsApp Business is free and available to download now for Android users, though there’s no mention of an iOS release yet. WhatsApp Business is currently available in Indonesia, Italy, Mexico, the UK, and the US, with a global rollout scheduled in the coming weeks. The Verge.com
  15. WhatsApp Messenger v2.17.397 Requirements: 4.0.3+ Overview: WhatsApp Messenger is a messaging app available for Android and other smartphones. WhatsApp uses your phone’s Internet connection (4G/3G/2G/EDGE or Wi-Fi, as available) to message and call friends and family. Switch from SMS to WhatsApp to send and receive messages, calls, photos, videos, and Voice Messages. First year FREE!* (WhatsApp may charge thereafter, current price is $0.99 USD/year). WHY USE WHATSAPP: • NO ADDITIONAL FEES: WhatsApp uses your phone’s Internet connection (4G/3G/2G/EDGE or Wi-Fi, as available) to message and call friends and family, so you don’t have to pay for every message or call.* • MULTIMEDIA: Send and receive photos, videos, and Voice Messages. • WHATSAPP CALLING: Call your friends and family using WhatsApp for free, even if they’re in another country. WhatsApp calls use your phone’s Internet connection rather than your cellular plan’s voice minutes.* (Note: you can’t access 911 and other emergency service numbers through WhatsApp). • GROUP CHAT: Enjoy group chats with your contacts so you can easily stay in touch with your friends or family. • WHATSAPP WEB: You can also send and receive WhatsApp messages right from your computer’s browser. • NO INTERNATIONAL CHARGES: There’s no extra charge to send WhatsApp messages internationally. Chat with your friends around the world and avoid international SMS charges.* • SAY NO TO USERNAMES AND PINS: Why bother having to remember yet another username or PIN? WhatsApp works with your phone number, just like SMS, and integrates seamlessly with your phone’s existing address book. • ALWAYS LOGGED IN: With WhatsApp, you’re always logged in so you don’t miss messages. No more confusion about whether you’re logged in or logged out. • QUICKLY CONNECT WITH YOUR CONTACTS: Your address book is used to quickly and easily connect you with your contacts who have WhatsApp so there’s no need to add hard-to-remember usernames. • OFFLINE MESSAGES: Even if you miss your notifications or turn off your phone, WhatsApp will save your recent messages until the next time you use the app. • AND MUCH MORE: Share your location, exchange contacts, set custom wallpapers and notification sounds, email chat history, broadcast messages to multiple contacts at once, and more! WHAT'S NEW • You can once again set a text-only update in your profile and it's called About. Tap Settings and then your profile name to edit it. Thanks for the feedback! • Search for the perfect animated GIF right from within WhatsApp. Tap the emoji button in a chat and then tap GIF at the bottom of the emoji panel to get started. This app has no advertisements https://play.google.com/store/apps/details?id=com.whatsapp Download:
  16. Watch out! There’s a WhatsApp account thief about! Have you received an email claiming to come from WhatsApp that warns that you have been using the service for more than one year and that it’s time to take out a subscription? Beware! The emails are, of course, a scam designed to trick you into clicking links that might result in you handing your payment information over to fraudsters. Part of the email reads as follows: What makes the scam somewhat more convincing is that in the past WhatsApp did use to ask users to pay a fee after they had been using the service for over a year. But that all stopped in January 2016, when WhatsApp announced that it would no longer charge a fee, and was making its app completely free for everybody. So, don’t be duped into clicking on suspicious links claiming to come from WhatsApp suggesting you need to pay your subscription to continue to use the app. It’s not just nonsense, it’s potentially dangerous nonsense that could leave a hole in your wallet. And while we’re on the subject, as others have previously warned, you should always be wary of unsolicited SMS text messages claiming to come from WhatsApp demanding that you verify your account and buy a WhatsApp subscription. You ultimately decide what links you click on, and whether you hand over your passwords and payment card details. Always think twice, because the wrong decision could prove costly. Article source
  17. Fake website : http://шһатѕарр.com/?colors Actual site it redirects to : http://blackwhats.site/ Archive.is link : http://archive.is/9gK5Y Screenshots when you visit the website in smartphone : http://imgur.com/a/UsKue User gets the message saying whatsapp is now available with different colors " I love the new colors for whatsapp http://шһатѕарр.com/?colors " When you click the fake whatsapp.com url in mobile, the user is made to share the link to multiple groups for human verification. once your done sharing you are made to install adware apps, after you have installed the adware the website says the whatsapp color is available only in whatsapp web and makes you install an extention. Fake whatsapp extention : https://chrome.google.com/webstore/detail/blackwhats/apkecfhccjhdmicfliebkdekbkoioiaj these fake sites and spam messages are always circulating in whatsapp. Source Fake WhatsApp.com URL gets users to install adware Next time someone links you to whatsapp.com, make sure you take a second look. There’s some adware currently circulating around the web by tricking users to visit a ‘шһатѕарр.com’ domain instead. Yes, those are different URLs – the fake URL uses characters from the Cyrillic alphabet. As spotted by redditor u/yuexist, the site promises to let you install WhatsApp in different colors – I mean, everyone likes color options, right? If you visit the link, you’re asked to share the site with your friends for ‘verification.’ Your friends then receive a message saying “I love the new colors for whatsapp’ along with the fake URL. Once you’ve ‘verified’ yourself, you’re then told that WhatsApp’s colors can only be accessed on a desktop, and are asked to install an extension from the real Chrome Web Store called BlackWhats (still, click at your own risk). All this should send about 27,531 red flags to anyone remotely tech savvy, but there are plenty of WhatsApp users who don’t spend their time on tech blogs and might fall for it – the fake URL is certainly convincing enough at first glance. The extension itself has over 16,000 users and a 4 star rating from 55 ratings, though there are only 3 text reviews – it’s hard to tell if these ratings are somehow fake. We’ve reached out to Google to alert them about the adware. And as always, make sure to double check URLs on any unexpected links you may receive. Update: Google has removed this extension from the Chrome Web Store. Good riddance. Article source
  18. The idea of watching a whole season of your favorite TV how or the latest movies online for free is extremely appealing. Fraudsters are all too aware of this, as we’ll show. And it is obvious that cybercriminals are using Netflix – which has almost 100 million users – to spread their attacks, as it is one of the most popular ‘internet television networks” in the world today. In this post, we look at how fraudsters are using this well-known brand as the hook for a news WhatsApp scam. Let’s analyze how this false campaign, which offers users free access to Netflix for a whole year, works, and also look at how it has ended up misleading thousands of people worldwide. The initial message and its multiple false sites First things first – if you have received messages from trustworthy WhatsApp contacts inviting you to gain free access to the service through a particular link, let me be clear … Don’t do it! Don’t click on the link! Don’t share it! As we can see with the following images (in both the Spanish and English versions), the message appears to come from the Netflix.com domain. However, when users look at the shortened URL, they’ll notice that clicking on it will redirect them to another domain that is not related with the legitimate Netflix.com site: Spanish version English version Portuguese version The first click on the campaign takes the user to an external domain unrelated to Netflix, which curiously uses a trusted certificate as shown in the following image: Just like Netflix, it is also multilingual Another curious fact is that the page has the capacity to detect the language of the device and can change its language automatically. The following images show the same campaign in Spanish, Portuguese, and English: The method used for this scam is similar to what we are used to. The page promises a year’s worth of services from Netflix, provided that the user shares the fraudulent link with at least 10 of their contacts. Meanwhile, the page checks the number of times the user presses the share button, and if the target is not reached, opens another window requiring the victim to continue sharing the link. Then, the victim is redirected to pages that falsely claim that they are on the “final step” to achieve activation, when what is really happening is that they are stealing information from users’ mobile phones for different types of subscriptions, or opening the system’s messaging application in order to send an SMS to a premium number with a certain text or even encouraging users to download applications from unofficial sites. What should you do if you shared or clicked on the link? First of all, stay calm. It’s important to understand that, contrary to what some people believe, this is not a “WhatsApp virus” as there is no executable file that is being downloaded and installed in the terminal when you access the page. Although it is a potential risk, we have not found evidence that the fraudulent sites are attempting to exploit the vulnerabilities of the connected devices; so, in theory, there is no greater risk of infection by simply clicking on the link. If you have shared the link with friends and family, follow these steps: Get in touch with them as soon as you can and let them know that it is a scam and to stop sharing the message. If you entered your telephone number into any form, as seen in previous images, get in touch with your telephone provider to ensure that you have not subscribed “without noticing” to a premium messaging service that charges a fee. Finally, if you have downloaded any applications onto your cellphone, uninstall them. If you can’t do this, get in touch with a professional who can do it for you and restore the device to its manufacturing settings. Remember that you should think twice about these messages with shortened links and consider their trustworthiness before sharing. Given that the campaign is multilingual, it has the capacity to spread much faster, not only in Spanish-speaking countries but also in countries where English or Portuguese is spoken. Likewise, it is important to notify any users that have sent you the link about the importance of not providing their mobile phone numbers to Premium SMS services. In this way, you can be a hero, not in your favorite online seasons, but in real life, by putting a stop to these malicious campaigns and enjoying more secure use of your technology. Article source
  19. UK Home Secretary Amber Rudd on Sunday called for greater government access to encrypted content on mobile apps. Apps with end-to-end encryption, like Facebook's WhatsApp, should not be allowed to conceal terrorists' communications from law enforcement, Rudd said in an appearance on The Andrew Marr Show, a BBC broadcast. "There should be no place for terrorists to hide," she said. "We need to make sure that organizations like WhatsApp -- and there are plenty of others like that -- don't provide a secret place for terrorists to communicate with each other." Khalid Masood, who killed four people outside the UK's parliament building last week before being shot dead, reportedly used WhatsApp a few minutes before going on his murder spree. "On this situation, we need to make sure that our intelligence services have the ability to get into situations like encrypted WhatsApp," Rudd maintained. Backdoor Law in Place? Even though she supported end-to-end encryption as a cybersecurity measure, Rudd later said in an interview on Sky News, it was "absurd" to have terrorists talking on a formal platform and not have access to those conversations. "We are horrified at the attack carried out in London and are cooperating with law enforcement as they continue their investigations," WhatsApp spokesperson Anne Yeh said in a statement provided to TechNewsWorld. During her appearance on Marr's show, Rudd disclosed that she would be meeting with Facebook and other technology companies on Thursday to discuss ways to meet the information needs of security officers. She did not rule out new legislation to regulate encrypted messaging if the government and the tech companies were unable to reach an accord. However, that law may already exist. The UK last year adopted the Investigatory Powers Act, which compels tech companies to "provide a technical capability" to remove "electronic protection" within their products. That law has been interpreted in some quarters to mean that tech companies can be compelled to install "backdoors" into their products in order to decrypt data when necessary. A backdoor would not have helped prevent Masood's attack, however. "To use a backdoor, you have to identify somebody as a target and hack them," explained Matthew Green, a computer science professor specializing in cryptography at Johns Hopkins University. "With this terrorist, they identified this person and decided he wasn't a threat and stopped monitoring him," he told TechNewsWorld. "Nothing is going to help once you look at a guy then look away." No Door Secure Enough Backdoors have been criticized as a means to meet the information needs of law enforcement because they undermine the purpose of encryption. "Many technologists and even many in law enforcement have acknowledged there's no secure backdoor," said Chris Calabrese, vice president for policy at the Center for Democracy & Technology. "You simply cannot build a door that only the good guys can walk through," he told TechNewsWorld. "If you start building backdoors, they will be exploited by hackers; they will be exploited by terrorists." Tech companies have been skeptical of creating backdoors to break the encryption used by their products and then turning over the keys to law enforcement. Another idea floated is that the companies should create the backdoors but retain control of the keys to prevent abuse. "That won't work. The systems are too complicated and the backdoors too difficult to keep secure," Calabrese said. "Companies don't want to have to worry about their employees misusing these keys, and they don't want to have to secure them," said Johns Hopkins' Green. Application Hopping Even if backdoors were installed in applications like WhatsApp, they most likely would miss their mark -- assuming that mark is to prevent terrorists from communicating securely. "If the bad guys feel that this application has been compromised by government officials and backdoors become available, this leads to a simple response by the bad guys -- use a different application," explained Paul Calatayud, CTO at FireMon. "WhatsApp is a third-party application on a mobile device," he told TechNewsWorld. "Nothing prevents the bad guys from moving to a lesser known third-party application." While WhatsApp can't crack the encrypted contents on the parliament killer's phone, it still can provide authorities with information about the terrorist's phone activity -- such as the time a message was sent, who it was sent to, and the physical location of the sender and recipient. "It doesn't matter what this guy said before he did this thing," said Bruce Schneier, CTO of IBM Resilient. "What matters is who it was, and WhatsApp doesn't protect that." Investigators can access all kinds of information without recourse to backdoors, he told TechNewsWorld, "but that would require a real conversation about the problem, which you don't get from these people who grandstand after tragedies." Source
  20. Google will meet UK govt Google is going to participate in a meeting with the British government this week, a meeting that seems to have been sparked by the terror attack that took place in London last week. The meeting will likely focus on the advantages and disadvantages of offering end-to-end encryption to users, something that British authorities have been quite vocal these past few days, especially as they slammed WhatsApp for not providing them with the last messages sent out by the author of the attack, something that is impossible due to the same encryption featured in the messaging app. For its part, Google will also be scolded over the extremist material accessible through its search engine, and even on YouTube. Google confirmed to Business Insider that it is among the companies that will participate at this meeting with the British government, although it declined to comment further. Although not confirmed, as of yet, Facebook will probably be on the same list of participants, along with Yahoo and even Apple. "There should be no place for terrorists to hide," Home Secretary Amber Rudd said in regards to the terrorist incident, and, more specifically, to the fact that encryption helped hide the terrorist's last sent messages. The neverending discussion over encryption There are many messaging apps that provide end-to-end encryption, including Google's Allo, Apple's iMessage and many others, from other companies. This, of course, is the perpetual discussion over whether or not people should be allowed to have complete privacy of their communications via end-to-end encryption. Security experts and tech companies say "yes," while authorities and politicians say "no" due to the "inconvenience" of being unable to decrypt these conversations. In fact, on numerous occasions, people that have been put in positions of power, in the United States and Europe alike, have called for encryption backdoors to be used by law enforcement. This, however, would make billions of users vulnerable to hackers and government surveillance. Source
  21. WhatsApp can't hand over messages End-to-end encryption services like WhatsApp are once more being slammed for offering protection for users everywhere. This time, the UK is doing all the finger pointing, and it's because of the terrorist attack that took place on Wednesday. British Home Secretary Amber Rudd has accused WhatsApp of giving terrorists "a place to hide," after the company has failed to comply with a demand to hand over the last messages sent by London attacker, Adrian Ajao, the Telegraph reports. "This terrorist sent a WhatsApp message, and it can't be accessed," Rudd said. She also said that it is completely unacceptable for end-to-end encryption to be offered because there should be no place for terrorists to hide. "We need to make sure that organizations like WhatsApp - and there are plenty of others like that - don't provide a secret place for terrorists to communicate with each other," she added. The British authorities are complaining that Scotland Yard and the security services cannot access encrypted messages sent via WhatsApp, so they cannot know who Ajao contacted or what the told them before the attack. Not only did Rudd slam WhatsApp, but also went after Google and social media platforms which have been known for being late to take down extremist material or refusing to take it down altogether due to their protection of "free speech" and the way their Terms are worded. A much-desired backdoor This isn't the first time, nor will it be the last time, when WhatsApp and other similar services, as well as encrypted email tools, are slammed by authorities. End-to-end encryption is supposed to protect users from hackers, but also mass-surveillance, such as that exposed by Edward Snowden's NSA files. The way it works, a message is encrypted the second it is sent by one user, and it only gets decrypted once it reached the recipient. In this way, WhatsApp doesn't have access to any plain-text messages, which means it cannot share anything with authorities. In recent months there have been more and more voices asking for encryption backdoors for authorities, something that tech companies will likely never agree to; not without losing users in droves. Source
  22. WhatsApp and Telegram fix big vulnerability WhatsApp and Telegram have patched critical flaws in their apps that could allow attackers to gain control over user accounts. According to researchers from Check Point Software Technologies, they discovered issues with the way the two apps process several types of files without checking to see if they contain malicious code. They mention that the online versions of these platforms - WhatsApp Web and Telegram Web - mirror all messages sent and received by the user, being fully synced with the smart device. If exploited, the vulnerability they found could allow attackers to completely take over users' accounts on any browser, access their personal and group conversations, photos, videos and other shared files, as well as contact lists and basically any other information they share with the app. That translates into someone stealing your photos, sending messages in your name, demanding ransom, and so on. So how does this work? Well, it all starts with the attacker sending a file that looks innocent to the victim, but which contains malicious code. The file can be easily modified to make sure the victim takes the bait and opens it. Once it is opened, the attacker can go ahead and "own" the account. "Since messages were encrypted without being validated first, WhatsApp and Telegram were blind to the content, thus making them unable to prevent malicious content from being sent," researchers note in their post. The vulnerability was disclosed to WhatsApp and Telegram last week, and they've both rolled out updates for their web clients soon after. All users need to do to get the update is restart their browser, so it's probably safe to say everyone is now protected. The impact of this bug is massive. WhatsApp has over 1 billion users worldwide, and Telegram has another 100 million monthly users. It's unknown at this point what percentage of these numbers use the web platforms provided by the apps. The technical details In the case of WhatsApp, Check Point researchers managed to bypass the restrictions set by the app's mechanism by uploading a malicious HTML document with a legitimate preview of an image to fool a victim into thinking they were clicking on a link to view a cool cat picture, or whatever else may interest them. Once the victim clicks on the document, the URL is accessed and users can say good-bye to their accounts. "Once he clicks on the file, the victim will see a funny cat under blob object which is an html5 FileReader object under web.whatsapp.com. That means the attacker can access the resources in the browser under web.whatsapp.com," the post reads. The user doesn't have to do anything else because just clicking on the link makes the victim's local storage data available to the attacker. Via a JavaScript function that checks frequently for new data, the local storage is replaced with the victim's. The attack on Telegram works pretty much the same with the attackers having to bypass the upload policy in order to upload a malicious HTML document with a mime type of a video file. Once the file is accessed, the attacker can get its hands on the users' data. Thankfully, however, this problem has been fixed. It is unknown if anyone else picked up on the problem before it was reported to the two companies. "This flaw shows how difficult it is to balance security and usability. WhatsApp did the right thing by encrypting the content, but by doing it too early in the message analysis pipeline, they could not determine that a message might be crafted to contain malicious code. This code could then access malicious information, which could be used to log into a user’s account for the web application. This flaw could be easily mitigated by using 2-factor authentication (recently introduced by WhatsApp), which has been proven to be one of the best security mechanisms to prevent wide-spread compromise," said Professor Giovanni Vigna, co-founder of malware detection firm Lastline. “As the bad guys get smarter our applications need to keep up. More and more of our communications are open to abuse from cybercriminals and the opportunistic eaves dropper. One of the ways to get around this process is using something called end-to-end message encryption. WhatsApp states that “When end-to-end encrypted, your messages, photos, videos, voice messages, documents, status updates and calls are secured from falling into the wrong hands.” I.e. I encrypt it (automatically) from my application before I send it and you decrypt it at your end when you receive it. That means if anyone compromises the data in transit they are unable to use or identify anything within it, and there lies the problem - it limits your options for checking for anything malicious. Luckily this only affected the web platform so once resolved by WhatsApp themselves it only requires a browser restart," added Mark James, security specialist at ESET. Updated to include expert commentary. Source
  23. Encrypted messaging apps are safe, as long as the CIA doesn't target you There seems to be a bit of an uproar online as people are urging each other to dump the messaging apps they've been using because the CIA can render useless the encryption safeties they set in place. The problem, however, is with the operating systems of the phones, not the apps themselves, Following the Vault 7 revelations from WikiLeaks, many people worry that their privacy is at risk due to the newly exposed capacities of the CIA. Of course, so far, there's been no indication that the CIA is doing anything illegal with its powers, aside from the fact that it really should be sharing the zero-day vulnerabilities it finds with the companies they affect so they can fix them and protect millions of users. Then, there's the fact that, according to the files, the CIA has developed malware that can bypass the encryption layers used by apps such as WhatsApp, Signal, Telegram and so on. This isn't the fault of the apps, however, since the CIA based its malware on vulnerabilities it discovered in iOS and Android, zero-day bugs it chose to keep secret rather than share with Apple and Google, respectively. There's nothing the app can do if the OS is compromised Basically, when the operating system is attacked in such a way, there's very little an app can do to protect the user further. The app itself is made to fit with the operating system; it depends on it to work properly. Once you receive a message, the app will do what it was built to do - decrypt the message. If the operating system has been compromised by malware such as the one built by the CIA, the data is no longer protected. Even regular hackers can compromise your device without that much trouble as bypassing app encryption settings. If, for instance, you tap a link you shouldn't, download a malicious file which then triggers a malware to be downloaded to your device, you can be just as vulnerable. One method many hackers use to get their hands on your data is to take a screenshot every half second, or every second. That alone would expose whatever you are typing, protected by end-to-end encryption or not. The CIA's job Once more, we should point out that there is no indication that CIA is using these tools on the masses. They could very well simply use them on their criminal targets. Of course, given our history with the NSA leaks a few years back, the CIA may very well have overreached too, although mass-spying is less likely with the CIA than the NSA. "The CIA, like any other governmental intelligence agency, uses and will continue using various hacking tools and techniques to obtain any information they need to protect the country. This is their duty. So far, we don't have any evidence that these capacities were used unlawfully, for example, to violate reasonable expectation of privacy of innocent US citizens or for illicit interference with elections," High-Tech Bridge CEO Ilia Kolochenko told Softpedia. At this point, the worst we can accuse the CIA of is collecting zero-day vulnerabilities and exploiting them instead of sharing the data with the companies that could protect millions of users by patching up their systems. Source
  24. Explained — What's Up With the WhatsApp 'Backdoor' Story? Feature or Bug! What is a backdoor? By definition: "Backdoor is a feature or defect of a computer system that allows surreptitious unauthorized access to data, " either the backdoor is in encryption algorithm, a server or in an implementation, and doesn't matter whether it has previously been used or not. Yesterday, we published a story based on findings reported by security researcher Tobias Boelter that suggests WhatsApp has a backdoor that "could allow" an attacker, and of course the company itself, to intercept your encrypted communication. The story involving the world's largest secure messaging platform that has over a billion users worldwide went viral in few hours, attracting reactions from security experts, WhatsApp team, and Open Whisper Systems, who partnered with Facebook to implement end-to-end encryption in WhatsApp. Note: I would request readers to read complete article before reaching out for a conclusion. And also, suggestions and opinions are always invited What's the Issue: The vulnerability relies on the way WhatsApp behaves when an end user's encryption key changes. WhatsApp, by default, trusts new encryption key broadcasted by a contact and uses it to re-encrypt undelivered messages and send them without informing the sender of the change. In my previous article, I have elaborated this vulnerability with an easy example, so you can head on to read that article for better understanding. Facebook itself admitted to this WhatsApp issue reported by Boelter, saying that "we were previously aware of the issue and might change it in the future, but for now it's not something we're actively working on changing." What Experts argued: According to some security experts — "It's not a backdoor, rather it’s a feature to avoid unnecessarily re-verification of encryption keys upon automatic regeneration." Open Whisper Systems says — "There is no WhatsApp backdoor," "it is how cryptography works," and the MITM attack "is endemic to public key cryptography, not just WhatsApp." A spokesperson from WhatsApp, acquired by Facebook in 2014 for $16 Billion, says — "The Guardian's story on an alleged backdoor in WhatsApp is false. WhatsApp does not give governments a backdoor into its systems. WhatsApp would fight any government request to create a backdoor." What's the fact: Notably, none of the security experts or the company has denied the fact that, if required, WhatsApp, on government request, or state-sponsored hackers can intercept your chats. What all they have to say is — WhatsApp is designed to be simple, and users should not lose access to messages sent to them when their encryption key is changed. Open Whisper Systems (OWS) criticized the Guardian reporting in a blog post saying, "Even though we are the creators of the encryption protocol supposedly "backdoored" by WhatsApp, we were not asked for comment." What? "...encryption protocol supposedly "backdoored" by WhatsApp…" NO! No one has said it's an "encryption backdoor;" instead this backdoor resides in the way how end-to-end encryption has been implemented by WhatsApp, which eventually allows interception of messages without breaking the encryption. As I mentioned in my previous story, this backdoor has nothing to do with the security of Signal encryption protocol created by Open Whisper Systems. It's one of the most secure encryption protocols if implemented correctly. Then Why Signal is more Secure than WhatsApp? You might be wondering why Signal private messenger is more secure than Whatsapp, while both use the same end-to-end encryption protocol, and even recommended by the same group of security experts who are arguing — "WhatsApp has no backdoor." It's because there is always room for improvement. The signal messaging app, by default, allows a sender to verify a new key before using it. Whereas, WhatsApp, by default, automatically trusts the new key of the recipient with no notification to the sender. And even if the sender has turned on the security notifications, the app notifies the sender of the change only after the message is delivered. So, here WhatsApp chose usability over security and privacy. It’s not about 'Do We Trust WhatsApp/Facebook?': WhatsApp says it does not give governments a "backdoor" into its systems. No doubt, the company would definitely fight the government if it receives any such court orders and currently, is doing its best to protect the privacy of its one-billion-plus users. But what about state-sponsored hackers? Because, technically, there is no such 'reserved' backdoor that only the company can access. Why 'Verifying Keys' Feature Can't Protect You? WhatsApp also offers a third security layer using which you can verify the keys of other users with whom you are communicating, either by scanning a QR code or by comparing a 60-digit number. But here’s the catch: This feature ensure that no one is intercepting your messages or calls at the time you are verifying the keys, but it does not ensure that no one, in the past had intercepted or in future will intercept your encrypted communication, and there is no way, currently, that would help you identify this. WhatsApp Prevention against such MITM Attacks are Incomplete WhatsApp is already offering a "security notifications" feature that notifies users whenever a contact's security code changes, which you need to turn on manually from app settings. But this feature is not enough to protect your communication without the use of another ultimate tool, which is — Common Sense. Have you received a notification indicating that your contact's security code has changed? Instead of offering 'Security by Design,' WhatsApp wants its users to use their common sense not to communicate with the contact whose security key has been changed recently, without verifying the key manually. The fact that WhatsApp automatically changes your security key so frequently (for some reasons) that one would start ignoring such notifications, making it practically impossible for users to actively looking each time for verifying the authenticity of session keys. What WhatsApp should do? Without panicking all one-billion-plus users, WhatsApp can, at least: Stop regenerating users' encryption keys so frequently (I clearly don't know why the company does so). Give an option in the settings for privacy-conscious people, which if turned on, would not automatically trust new encryption key and send messages until manually accepted or verified by users. ...because just like others, I also hate using two apps for communicating with my friends and work colleagues i.e. Signal for privacy and WhatsApp because everyone uses it. Source
  25. WhatsApp Security: Make This Change Right Now! Security researchers found a backdoor in the popular messaging application WhatsApp recently that could allow WhatsApp to intercept and read user messages. Facebook, the owner of WhatsApp, claims that it is impossible to intercept messages on WhatsApp thanks to the services end-to-end encryption. The company states that no one, not even itself, can read what is sent when both sender and recipient use the latest version of the application. It turns out however that there is a way for WhatsApp to read user messages, as security researcher Tobias Boelter (via The Guardian) found out. Update: In a statement sent to Ghacks, a WhatsApp spokesperson provided the following insight on the claim: WhatsApp has the power to generate new encryption keys for users who are not online. Both the sender and the recipient of messages are not made aware of that, and the sender would send any message not yet delivered again by using the new encryption key to protect the messages from third-party access. The recipient of the message is not made aware of that. The sender, only if Whatsapp is configured to display security notifications. This option is however not enabled by default. While WhatsApp users cannot block the company -- or any state actors requesting data -- from taking advantage of the loophole, they can at least activate security notifications in the application. The security researcher reported the vulnerability to Facebook in April 2016 according to The Guardian. Facebook's response was that it was "intended behavior" according to the newspaper. Activate security notifications in WhatsApp To enable security notifications in WhatsApp, do the following: Open WhatsApp on the device you are using. Tap on menu, and select Settings. Select Account on the Settings page. Select Security on the page that opens. Enable "show security notifications" on the Security page. You will receive notifications when a contact's security code has changed. While this won't prevent misuse of the backdoor, it will at least inform you about its potential use. Source Alternate Source - 1: WhatsApp Encryption Has Backdoor, Facebook Says It's "Expected Behaviour" Alternate Source - 2: WhatsApp Backdoor allows Hackers to Intercept and Read Your Encrypted Messages Alternate Source - 3: Oh, for F...acebook: Critics bash WhatsApp encryption 'backdoor' Alternate Source - 4: Your encrypted WhatsApp messages can be read by anyone Alternate Source - 5: How to protect yourself from the WhatsApp 'backdoor' Alternate Source - 6: 'Backdoor' in WhatsApp's end-to-end encryption leaves messages open to interception [Updated] Detailed Explanation of the Issue and Prevention/Alternatives:
  • Create New...