Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label WhatsApp. Show all posts
zero-click
Data Breach Hackers paragon Spyware WhatsApp zero-click

WhatsApp Fixes Security Flaw Exploited by Spyware

 



WhatsApp recently fixed a major security loophole that was being used to install spyware on users' devices. The issue, known as a zero-click, zero-day vulnerability, allowed hackers to access phones without the user needing to click on anything. Security experts from the University of Toronto’s Citizen Lab uncovered this attack and linked it to Paragon’s spyware, called Graphite.  

The flaw was patched by WhatsApp in late 2023 without requiring users to update their app. The company also chose not to assign a CVE-ID to the vulnerability, as it did not meet specific reporting criteria.  

A WhatsApp spokesperson confirmed that hackers used the flaw to target certain individuals, including journalists and activists. WhatsApp directly reached out to around 90 affected users across multiple countries.  


How the Attack Worked  

Hackers used WhatsApp groups to launch their attacks. They added their targets to a group and sent a malicious PDF file. As soon as the file reached the victim’s phone, the device automatically processed it. This triggered the exploit, allowing the spyware to install itself without any user action.  

Once installed, the spyware could access sensitive data and private messages. It could also move beyond WhatsApp and infect other apps by bypassing Android’s security barriers. This gave attackers complete control over the victim’s device.  


Who Was Targeted?  

According to Citizen Lab, the attack mostly focused on individuals who challenge governments or advocate for human rights. Journalists, activists, and government critics were among the key targets. However, since only 90 people were officially notified by WhatsApp, experts believe the actual number of victims could be much higher.  

Researchers found a way to detect the spyware by analyzing Android device logs. They identified a forensic marker, nicknamed "BIGPRETZEL," that appears on infected devices. However, spotting the spyware is still difficult because Android logs do not always capture all traces of an attack.  


Spyware Linked to Government Agencies  

Citizen Lab also investigated the infrastructure used to operate the spyware. Their research uncovered multiple servers connected to Paragon’s spyware, some of which were linked to government agencies in countries like Australia, Canada, Cyprus, Denmark, Israel, and Singapore. Many of these servers were rented through cloud platforms or hosted directly by government agencies.  

Further investigation revealed that the spyware's digital certificates contained the name “Graphite” and references to installation servers. This raised concerns about whether Paragon's spyware operates similarly to Pegasus, another surveillance tool known for being used by governments to monitor individuals.  


Who Is Behind Paragon Spyware?  

Paragon Solutions Ltd., the company behind Graphite spyware, is based in Israel. It was founded in 2019 by Ehud Barak, Israel’s former Prime Minister, and Ehud Schneorson, a former commander of Unit 8200, an elite Israeli intelligence unit.  

Paragon claims that it only sells its technology to democratic governments for use by law enforcement agencies. However, reports have shown that U.S. agencies, including the Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE), have purchased and used its spyware.  

In December 2024, a U.S.-based investment firm, AE Industrial Partners, bought Paragon, further raising questions about its future operations and how its surveillance tools may be used.  


Protecting Yourself from Spyware  

While WhatsApp has fixed this specific security flaw, spyware threats continue to evolve. Users can take the following steps to protect themselves:  

1. Update Your Apps: Always keep your apps updated, as companies frequently release security patches.  

2. Be Cautious of Unknown Files: Never open suspicious PDFs, links, or attachments from unknown sources.  

3. Enable Two-Factor Authentication: Adding an extra layer of security to your accounts makes it harder for hackers to break in.  

4. Check Your Device Logs: If you suspect spyware, seek professional help to analyze your phone’s activity.  

Spyware attacks are becoming more advanced, and staying informed is key to protecting your privacy. WhatsApp’s quick response to this attack highlights the ongoing battle against cyber threats and the need for stronger security measures.  


Read more »
WhatsApp
CyberCrime Cybersecurity CyberThreat Google Meet Microsoft Privacy skype WhatsApp

Skype's Role in Popularizing End-to-End Encryption Leaves a Lasting Mark


 

In recent years, Skype has established itself as the most popular online communication platform, and it is nearing its close, marking the end of an era for one of the most popular VoIP services in the world. The first version of Skype was created by Niklas Zennström and Janus Friis in 2003 to create a platform that would facilitate seamless internet-based communication among users. When Skype was founded in 2003, it revolutionized digital communication by pioneering video conferencing, instant messaging, and setting the foundation for the modern virtual world. 

As its name implies, Skype pioneered several innovations that revolutionized digital communication. Originally designed for voice calls using peer-to-peer technology, it enabled users to make low cost or free calls from the comfort of their own homes. By removing long-distance costs and allowing users to communicate globally even through cheap long-distance calls, Skype revolutionized digital communication, making global connectivity more accessible by eliminating the high costs associated with long-distance calls. It was launched in August 2003, and grew rapidly in popularity over the next few years. 

It should be noted that there is no need to compromise the privacy or security of your online conversations by implementing Skype's encryption protocols. This provides significantly greater safety and privacy when communicating online, unlike conventional telephone networks. During its peak, the platform had more than 300 million active users worldwide, establishing itself as an indispensable communication tool for activists, journalists, and individuals who valued confidentiality above all else. 

The security measures in place on the platform were so robust that it was difficult even for intelligence agencies to intercept communications through the platform. Among the most noteworthy aspects of these documents are the difficulties Egyptian intelligence authorities encountered in their attempt to compromise Skype calls, further underlining the platform's reputation for being a safe and reliable medium of communication. However, despite its historical significance, Skype has been facing increasing challenges in maintaining its relevance in the face of a host of more competitive alternatives, such as Zoom, Microsoft Teams, WhatsApp, and Google Meet. 

After Microsoft acquired Skype in 2011, its strategic focus has steadily shifted toward Teams and other tools that integrate to become more efficient and effective. Since the platform's user base is shrinking and the needs of the digital communication landscape are changing, it seems that discontinuing Skype seems like a natural progression. As the platform phaseout approaches, not only will it signal the end of an influential platform, but also that communication technologies will continue to evolve to meet the needs of modern connectivity. Almost one decade from now, Skype will cease operations, marking the end of a platform that has significantly shaped global communication. 

In its inception as a basic voice phone service, Skype has evolved into the most widely accepted video conferencing tool on the market. Through the development of Skype, individuals and businesses from around the world have been connected. Despite this, as technology advanced and new communication platforms emerged, Skype faced more competition from more innovative and integrated solutions as the market grew. 

Over the years, Skype's market dominance declined, resulting in losing relevance in the market. Discontinuing the platform signifies the end of one of the most revolutionary platforms to change digital communication in the past few decades, along with the continuing importance of adaptability and innovation to achieve future success. 

The Closure of Skype and the Evolution of Digital Communication


Sadly, the discontinuation of Skype marks the end of an important chapter in the history of digital communication. As a result, businesses and individuals alike will be required to make a large-scale shift as they move to more contemporary platforms that offer advanced features and seamless integration, resulting in a large-scale transition. Corporations need to rapidly adapt by shifting their communication frameworks to alternative services. Microsoft Teams has emerged as one of the most popular options due to its impressive set of collaboration tools, which are designed to meet the dynamic requirements of today's organizations. 

Seeking Alternatives to Skype 


Skype is undoubtedly nearing the end of its lifecycle, so users and organizations are actively looking for alternatives that will meet their communication needs. Microsoft Teams, with its comprehensive and integrated features, is one of the best options. 

As well as this, there are other platforms out there that are also gaining traction, such as Zoom Phone and RingCentral. These platforms offer a wide range of functionalities designed to cater to a variety of business requirements. Each service offers its benefits, allowing users to pick the solution that best matches their operational objectives. 

Skype’s Influence and Enduring Impact

Despite its early beginnings, Skype has played a significant role in shaping the way online communication is shaped ever since it launched in 2003 and was acquired by Microsoft the following year for $8.5 billion, as a widely recognized platform that helps facilitate virtual interactions all over the world. 

While Skype has continuously improved its capabilities over the years, it has struggled to remain at the top of an ever-more competitive market. Over the past few years, communication platforms that are more agile and feature-rich have emerged, resulting in Skype's relevance rapidly eroding, eventually leading to its demise. 

The Future of Digital Connectivity


Digital communication is constantly evolving. Platforms that seamlessly integrate messaging, voice, video, and collaboration tools are becoming increasingly important as a result of a continuing shift toward mobile-centric solutions and artificial intelligence-driven innovations that offer better user experiences and are more intuitive. 

A sophisticated, adaptive and user-friendly ecosystem will be the hallmark of the future of communication as technology advances. This ecosystem will help enhance connectivity, productivity, and security on both a personal and professional level. Government agencies have employed a variety of methods to monitor Skype users throughout the world. 

There was a bug in Skype that, according to Citizen Lab at the University of Toronto, allowed Chinese authorities to intercept messages in China. At the time, Tom-Skype, a joint venture between a local telecommunication provider and eBay, which owned Skype at the time, operated under Chinese authorities. 

As a result of Edward Snowden's leak of documents, it has become clear that Microsoft had modified Skype so that it would give the NSA access to calls and messages, undermining their encryption. It is expected that Skype will close on May 5, 2025 due to Microsoft's decision to shut down the platform, making it irrelevant with just 36 million users in 2023, far under its peak user base of 300 million. While its legacy still exists through the use of encryption technologies that continue to secure modern communication platforms, it has endured through the years.
Read more »
WhatsApp
AI Backdoor Data Encryption Pegasus Spyware Technology WhatsApp

Frances Proposes Law Requiring Tech Companies to Provide Encrypted Data


Law demanding companies to provide encrypted data

New proposals in the French Parliament will mandate tech companies to give decrypted messages, email. If businesses don’t comply, heavy fines will be imposed.

France has proposed a law requiring end-to-end encryption messaging apps like WhatsApp and Signal, and encrypted email services like Proton Mail to give law enforcement agencies access to decrypted data on demand. 

The move comes after France’s proposed “Narcotraffic” bill, asking tech companies to hand over encrypted chats of suspected criminals within 72 hours. 

The law has stirred debates in the tech community and civil society groups because it may lead to building of “backdoors” in encrypted devices that can be abused by threat actors and state-sponsored criminals.

Individuals failing to comply will face fines of €1.5m and companies may lose up to 2% of their annual world turnover in case they are not able to hand over encrypted communications to the government.

Criminals will exploit backdoors

Few experts believe it is not possible to bring backdoors into encrypted communications without weakening their security. 

According to Computer Weekly’s report, Matthias Pfau, CEO of Tuta Mail, a German encrypted mail provider, said, “A backdoor for the good guys only is a dangerous illusion. Weakening encryption for law enforcement inevitably creates vulnerabilities that can – and will – be exploited by cyber criminals and hostile foreign actors. This law would not just target criminals, it would destroy security for everyone.”

Researchers stress that the French proposals aren’t technically sound without “fundamentally weakening the security of messaging and email services.” Similar to the “Online Safety Act” in the UK, the proposed French law exposes a serious misunderstanding of the practical achievements with end-to-end encrypted systems. Experts believe “there are no safe backdoors into encrypted services.”

Use of spyware may be allowed

The law will allow using infamous spywares such as NSO Group’s Pegasus or Pragon that will enable officials to remotely surveil devices. “Tuta Mail has warned that if the proposals are passed, it would put France in conflict with European Union laws, and German IT security laws, including the IT Security Act and Germany’s Telecommunications Act (TKG) which require companies to secure their customer’s data,” reports Computer Weekly.

Read more »
zero click
Cyber Attacks Paragon Solutions Spyware WhatsApp zero click

WhatsApp Alerts Users About a Dangerous Zero-Click Spyware Attack

 


WhatsApp has warned users about a highly advanced hacking attack that infected nearly 90 people across 24 countries. Unlike traditional cyberattacks that rely on tricking victims into clicking malicious links, this attack used zero-click spyware, meaning the targets were hacked without taking any action.  


What Happened?

Hackers exploited a security vulnerability in WhatsApp to send malicious documents to the victims’ devices. These documents contained spyware that could take control of the phone without the user clicking or opening anything.  

According to reports, the attack was linked to Paragon Solutions, an Israeli company that develops spyware for government agencies. While governments claim such tools help in law enforcement and national security, they have also been misused to spy on journalists, activists, and members of civil society.  


Who Was Targeted?

The specific names of the victims have not been disclosed, but reports confirm that journalists and human rights advocates were among those affected. Many of them were based in European nations, but the attack spread across multiple regions.  

WhatsApp acted quickly to disrupt the attack and alerted the affected users. It also referred them to Citizen Lab, a cybersecurity research group that investigates digital threats.  


What is a Zero-Click Attack?  

A zero-click attack is a form of cyberattack where hackers do not need the victim to click, open, or download anything. Instead, the attack exploits weaknesses in apps or operating systems, allowing spyware to be installed silently.  

Unlike phishing attacks that trick users into clicking harmful links, zero-click attacks bypass user interaction completely, making them much harder to detect or prevent.  


How Dangerous Is This Spyware? 

Once installed, the spyware can:  

1. Access private messages, calls, and photos  

2. Monitor activities and track location  

3. Activate the microphone or camera to record conversations  

4. Steal sensitive personal data

Cybersecurity experts warn that such spyware can be used for mass surveillance, threatening privacy and security worldwide.  


Who is Behind the Attack?  

WhatsApp has linked the spyware to Paragon Solutions, but has not revealed how this conclusion was reached. Authorities and cybersecurity professionals are now investigating further.  


How to Stay Safe from Spyware Attacks

While zero-click attacks are difficult to prevent, you can reduce the risk by:  

1. Keeping Your Apps Updated – Always update WhatsApp and your phone’s operating system to patch security flaws.  

2. Enabling Two-Factor Authentication (2FA) – This adds an extra layer of security to your account.  

3. Being Cautious with Unknown Messages – While this attack required no interaction, remaining alert can help protect against similar threats.  

4. Using Encrypted and Secure Apps – Apps with end-to-end encryption, like WhatsApp and Signal, make it harder for hackers to steal data.  

5. Monitoring Unusual Phone Activity – If your phone suddenly slows down, heats up, or experiences rapid battery drain, it may be infected. Run a security scan immediately.  

This WhatsApp attack is a reflection of the growing threats posed by spyware. As hacking methods become more advanced and harder to detect, users must take steps to protect their digital privacy. WhatsApp’s quick response limited the damage, but the incident highlights the urgent need for stronger cybersecurity measures to prevent such attacks in the future.


Read more »
WhatsApp
Banking Scams Cyber Crime India WhatsApp

The Rising Problem of Banking Scams in East India

The Rising Problem of Banking Scams in East India

Currently, India is battling with a fake banking applications spoofing genuine institutions to loot credentials and money.

The scale of the campaign is massive, impacting around 900 different malware samples linked to more than 1000 different contact numbers used to commit frauds/scams. Experts from Zimperium found that malware was hiding in apps that imitiate financial institutions worth billion-dollars, aimed to target common man in India. 

The rise of banking scams in East India

Throughout India, majority of the people have been getting WhatsApp messages containing malicious Android Package Kit (APK) files. When downloaded, these malicious files change into  fake apps spoofing one or multiple banks- ICICI Bank, State Bank of India (SBI) and more. 

The apps demand targets to provide their personal financial info- this includes ATM PINs, debit/credit card numbers and PAN card deta- used for different government and financial reasons, for instance, opening a bank account or paying taxes- adhar card. 

Stealing confidential info

To let hackers get access into victims' bank accounts, the malware hacks one-time passwords and resends them either to a threat actor-controlled phone number or C3 servers operating on Firebase. 

Additionally, the malware uses stealth and anti-analysis measures such as "packing," where the malware is hidden, compressed, and encrypted in ways that its almost impossible to notice them. It self installs by exploiting accessibility service, and get all required permissions on users' devices by just poking a user to careless click "Allow" when the malware asks nicely. 

Zimperium chief scientist Nico Chiaraviglio says "since we don't see the app, it's not easy to uninstall it." He adds "you [have to deal with the] higher permissions. So if you want to uninstall the app, the device will say you cannot install it because it's a system app. You basically need to connect the phone to a computer and uninstall it using the Android Debug Bridge (ADB). It's not something that you can do from a regular user's standpoint."

The success behind scams in India

Dark Reading reports "Phone numbers tied to the campaign lovingly named "FatBoyPanel" have tended to concentrate in eastern states: West Bengal (30.2%), Bihar (22.6%), Jharkjand (10%)."

According to experts, two reasons add to the problem- use of outdated phones in India that aren't equipped with latest updates, and the rise of scammers trapping innocent victims.

Read more »
WhatsApp
New Media Privacy Social Media Spyware surveillance WhatsApp

WhatsApp Says Spyware Company Paragon Hacked 90 Users

WhatsApp Says Spyware Company Paragon Hacked 90 Users

Attempts to censor opposition voices are not new. Since the advent of new media, few Governments and nations have used spyware to keep tabs on the public, and sometimes target individuals that the government considers a threat. All this is done under the guise of national security, but in a few cases, it is aimed to suppress opposition and is a breach of privacy. 

Zero-click Spyware for WhatsApp

One such interesting incident is the recent WhatsApp “zero-click” hacking incident. In a conversation with Reuters, a WhatsApp official disclosed that Israeli spyware company Paragon Solutions was targeting its users, victims include journalists and civil society members. Earlier this week, the official told Reuters that Whatsapp had sent Paragon a cease-and-desist notice after the surveillance hack. In its official statement, WhatsApp stressed it will “continue to protect people's ability to communicate privately."

Paragon refused to comment

According to Reuters, WhatsApp had noticed an attempt to hack around 90 users. The official didn’t disclose the identity of the targets but hinted that the victims belonged to more than a dozen countries, mostly from Europe. WhatsApp users were sent infected files that didn’t require any user interaction to hack their targets, the technique is called the “zero-click” hack, known for its stealth 

“The official said WhatsApp had since disrupted the hacking effort and was referring targets to Canadian internet watchdog group Citizen Lab,” Reuter reports. He didn’t discuss how it was decided that Paragon was the culprit but added that law enforcement agencies and industry partners had been notified, and didn’t give any further details.

FBI didn’t respond immediately

“The FBI did not immediately return a message seeking comment,” Reuter said. Citizen Lab researcher John Scott-Railton said the finding of Paragon spyware attacking WhatsApp is a “reminder that mercenary spyware continues to proliferate and as it does, so we continue to see familiar patterns of problematic use."

Citizen Lab researcher John Scott-Railton said the discovery of Paragon spyware targeting WhatsApp users "is a reminder that mercenary spyware continues to proliferate and as it does, so we continue to see familiar patterns of problematic use."

Ethical implications concerning spying software

Spyware businesses like Paragaon trade advanced surveillance software to government clients, and project their services as “critical to fighting crime and protecting national security,” Reuter mentions. However, history suggests that such surveillance tools have largely been used for spying, and in this case- journalists, activists, opposition politicians, and around 50 U.S officials. This raises questions about the lawless use of technology.

Paragon - which was reportedly acquired by Florida-based investment group AE Industrial Partners last month - has tried to position itself publicly as one of the industry's more responsible players. On its website, Paragon advertises the software as “ethically based tools, teams, and insights to disrupt intractable threats” On its website, and media reports mentioning people acquainted with the company “say Paragon only sells to governments in stable democratic countries,” Reuter mentions.

Read more »
WhatsApp
AI bots Artificial Intelligence Meta Technology WhatsApp

Meta's AI Bots on WhatsApp Spark Privacy and Usability Concerns




WhatsApp, the world's most widely used messaging app, is celebrated for its simplicity, privacy, and user-friendly design. However, upcoming changes could drastically reshape the app. Meta, WhatsApp's parent company, is testing a new feature: AI bots. While some view this as a groundbreaking innovation, others question its necessity and raise concerns about privacy, clutter, and added complexity. 
 
Meta is introducing a new "AI" tab in WhatsApp, currently in beta testing for Android users. This feature will allow users to interact with AI-powered chatbots on various topics. These bots include both third-party models and Meta’s in-house virtual assistant, "Meta AI." To make room for this update, the existing "Communities" tab will merge with the "Chats" section, with the AI tab taking its place. Although Meta presents this as an upgrade, many users feel it disrupts WhatsApp's clean and straightforward design. 
 
Meta’s strategy seems focused on expanding its AI ecosystem across its platforms—Instagram, Facebook, and now WhatsApp. By introducing AI bots, Meta aims to boost user engagement and explore new revenue opportunities. However, this shift risks undermining WhatsApp’s core values of simplicity and secure communication. The addition of AI could clutter the interface and complicate user experience. 

Key Concerns Among Users 
 
1. Loss of Simplicity: WhatsApp’s minimalistic design has been central to its popularity. Adding AI features could make the app feel overloaded and detract from its primary function as a messaging platform. 
 
2. Privacy and Security Risks: Known for its end-to-end encryption, WhatsApp prioritizes user privacy. Introducing AI bots raises questions about data security and how Meta will prevent misuse of these bots. 
 
3. Unwanted Features: Many users believe AI bots are unnecessary for a messaging app. Unlike optional AI tools on platforms like ChatGPT or Google Gemini, Meta's integration feels forced.
 
4. Cluttered Interface: Replacing the "Communities" tab with the AI tab consumes valuable space, potentially disrupting how users navigate the app. 

The Bigger Picture 

Meta may eventually allow users to create custom AI bots within WhatsApp, a feature already available on Instagram. However, this could introduce significant risks. Poorly moderated bots might spread harmful or misleading content, threatening user trust and safety. 

WhatsApp users value its security and simplicity. While some might welcome AI bots, most prefer such features to remain optional and unobtrusive. Since the AI bot feature is still in testing, it’s unclear whether Meta will implement it globally. Many hope WhatsApp will stay true to its core strengths—simplicity, privacy, and reliability—rather than adopting features that could alienate its loyal user base. Will this AI integration enhance the platform or compromise its identity? Only time will tell.
Read more »
WhatsApp
Cyber Attacks espionage Iran Israel spying surveillance Telegram WhatsApp

Iran Spies on Senior Israeli Officials, Launches Over 200 Cyberattacks

Iran Spies on Senior Israeli Officials, Launches Over 200 Cyberattacks

Shin Bet, an Israeli Cybersecurity Service said recently it discovered over 200 Iranian phishing attempts targeting top Israeli diplomats to get personal information. Shin Bet believes the attacks were launched by Iranian actors through Telegram, WhatsApp, and email. 

The threat actors tried to bait targets into downloading infected apps that would give them access to victim devices and leak personal data like location history and residential addresses.

Iran Targeting Israeli Officials

The targeted senior officials include academicians, politicians, media professionals, and others

ShinBet said the stolen information would be used by Iran to launch attacks against Israeli nationals “through Israeli cells they have recruited within the country.” The targets were reached out with an “individually tailored cover story for each victim according to their area of work, so the approach doesn’t seem suspicious.”

In one case, the attacker disguised as a Cabinet Secretary lured the target saying he wanted to coordinate with PM Benjamin Netanyahu. Shin Bet has tracked the targets involved in the campaign and informed them about the phishing attempts. 

“This is another significant threat in the campaign Iran is waging against Israel, aimed at carrying out assassination attacks. We request heightened awareness, as cyberattacks of this type can be avoided before they happen through awareness, caution, suspicion, and proper preventative behavior online,” said a Shin Bet official.

Reasons for attack

Shin Bet “will continue to act to identify Iranian activity and thwart it in advance.” It believes the motive behind the attacks was to manage future attacks on Israeli nationals using information given by Israeli cells recruited by Iran. The campaign is a sign of an escalation between Iran and Israel, the end goal being assassination attempts.

The bigger picture

The recent discovery of phishing campaigns is part of larger targeted campaigns against Israel. In September 2024, 7 Jewish Israelis were arrested for allegedly spying on IDF and Israeli security figures for Iran. 

The Times of Israel reports, “Also in September, a man from the southern city of Ashkelon was arrested on allegations that he was smuggled into Iran twice, received payment to carry out missions on behalf of Tehran, and was recruited to assassinate either Israel’s prime minister, defense minister, or the head of the Shin Bet.”

Read more »
WhatsApp
AI Advancements CyberCrime Cybersecurity CyberThreat New Transition Privacy Threat Technology Usernames WhatsApp

WhatsApp Moves Toward Usernames, Phasing Out Phone Numbers

 


WhatsApp has announced enhancements to its contact management features, allowing users to add and manage contacts from any device. Previously, contact management was limited to mobile devices, requiring users to input phone numbers or scan QR codes. The update will soon enable users to manage contacts via WhatsApp Web and Windows, with plans to expand to other linked devices. Meta has revealed some exciting new features coming to WhatsApp, making it simpler to add and manage contacts. 

Soon, users will be able to privately add and manage their contacts, no matter what device they’re using. While the messaging platform already offers cross-platform support, users were able to add a new contact only via the primary Android phone or iOS handset — by adding a phone number or scanning a QR code. 

It's particularly a problem in the age when WhatsApp wants to be everywhere, with cross-device syncing between users' smartphone, web, and desktop apps. If users wanted to add a new contact while using WhatsApp on their computer, for example, too bad: Users needed to use their smartphone.

Now, however, WhatsApp is fixing the issue: The company announced on Tuesday that WhatsApp will soon let users add and store their contacts on any device, including the web or the desktop app, meaning they will no longer need to open their smartphone app just to save a contact. This can be handy, especially for business users, now that WhatsApp lets users run two different accounts on one device. Users can save contacts to their business WhatsApp account without crowding their phone's contact book. According to WhatsApp, the contacts will be saved using a new encrypted storage system called Identity Proof Linked Storage (IPLS). 

The system will generate an encrypted key every time users save a contact. In effect, their saved contacts are protected by encryption: Only users can retrieve their contacts from WhatsApp's servers. In a press release, WhatsApp notes that users will soon be able to add and manage contacts through WhatsApp Web and also through Windows platforms or their preferred devices, like Android tablets. In some cases, users would want a certain contact only on WhatsApp and not as a contact on their phone contacts list. The messaging platform also adds such possibility, making handling personal and business numbers easier.

It helps when people have more than one account on their device. WhatsApp adds that contacts saved on the messaging platform can be readily restored when a user switches devices, which will be useful if they lose their smartphones and phone numbers. The messaging platform's primary aim with the introduction of these new capabilities is to eventually "manage and save contacts by usernames." Usernames aren't new, and most Android apps and even Meta-owned apps like Instagram utilize them. 

They create a unique identity for a person, irrespective of their phone number. This is an extra layer of privacy on the platform, which is likely to be coming soon to WhatsApp. Future updates will include the ability to manage contacts using usernames, enhancing privacy by eliminating the need to share phone numbers. This development aims to provide users with greater control and security over their contact information. WhatsApp is undergoing significant changes, moving toward implementing usernames as an alternative to traditional phone numbers for managing contacts on its platform. This transition marks a strategic effort to offer users more privacy and flexibility in their communication. 

One of the key benefits of this new approach is the convenience it provides to users who maintain multiple WhatsApp accounts on a single device. The introduction of usernames will streamline account management, allowing users to distinguish between different accounts more easily. Furthermore, when switching devices, users will find it simpler to restore contacts, even if they have lost access to their original smartphone or phone number. This added capability ensures continuity and simplifies the process of transitioning between devices. 

WhatsApp's long-term vision for this initiative is to enable contact management through usernames rather than relying solely on phone numbers. By doing so, the platform aims to enhance user privacy and offer more control over personal information. This shift will allow individuals to share their WhatsApp contact details without disclosing their phone number, thereby reducing the risks associated with sharing sensitive information and improving overall user security. 

The use of usernames as unique identifiers is not a novel concept in the tech world; many popular Android applications, including Meta-owned platforms like Instagram, have successfully integrated username-based systems for contact management. This model not only fosters a more secure environment but also allows users to establish a distinct identity separate from their phone number. In upcoming updates, WhatsApp is expected to further expand these capabilities by enabling more comprehensive contact management through usernames. 

The new features will likely include options for managing contacts and other privacy settings more intuitively, reinforcing the messaging platform's commitment to providing a more secure and user-friendly experience. As WhatsApp adopts these changes, it sets the stage for a more privacy-focused approach, empowering users to protect their contact information while maintaining the convenience of seamless communication. With these updates, WhatsApp continues to position itself at the forefront of secure and versatile communication technology. 

By embracing usernames and enhancing cross-device functionality, the platform not only addresses the evolving needs of its users but also anticipates future trends in digital privacy and convenience. The introduction of encrypted contact storage and flexible management options further solidifies WhatsApp's commitment to protecting user data while streamlining the user experience. As the platform gradually shifts away from phone number dependency, it ushers in a new era where privacy, security, and usability are given paramount importance, setting a standard for other messaging services to follow.
Read more »
WhatsApp
Google malware Minecraft Necro Trojan Play Store Spotify WhatsApp

Necro Malware Attacks Google Play Store, Again. Infects 11 Million Devices

Necro Malware Attacks Google Play Store, Again. Infects 11 Million Devices

A new variant of Necro malware loader was found on 11 million Android devices through Google Play in infected SDK supply chain attacks. The re-appearance of Necro malware is a sign of persistent flaws in popular app stores like Google. 

A recent report by Kaspersky suggests the latest version of Necro Trojan was deployed via infected advertising software development kits (SDK) used by Android game mods, authentic apps, and mod variants of famous software, such as Minecraft, Spotify, and WhatsApp. The blog covers key findings from the Kaspersky report, the techniques used by threat actors, and the impact on cybersecurity. 

What is Necro Trojan 

Aka Necro Python, the Necro Trojan is an advanced malware strain active since it first appeared. Malware can perform various malicious activities such as cryptocurrency mining, data theft, and installation of additional payloads. The recent version is more advanced, making it difficult to track and eliminate. 

Distribution of Necro Trojan

Users sometimes want premium or customized options that official versions don't have. But these unofficial mods, such as GB WhatsApp, Spotify+, and Insta Pro can contain malware. Traditionally, threat actors used these mods because they are distributed on unofficial sites that lack moderation. 

However, in the recent trend, experts discovered actors targeting official app stores via infected apps

In the latest case, Trojan authors abused both distribution vectors, a new variant of multi-stage Necro loader compromised modified versions of Spotify, Minecraft, and other famous apps in unofficial sources, and apps in Google Play. "The modular architecture gives the Trojan’s creators a wide range of options for both mass and targeted delivery of loader updates or new malicious modules depending on the infected application,” said the report.

Key Findings

  • The downloaded payloads can display ads in invisible windows, and interact with them. They can also execute arbitrary DEX files, install download apps, open arbitrary links in invisible WebView windows and run JavaScript, run a tunnel via the victim's device, and subscribe to paid services. 
  • The new variant of the Necro loader uses obfuscation to escape detection. 
  • The loader deployed in the app uses steganography tactics to hide payloads 

Read more »
WhatsApp
Cyber Attacks CyberCrime Cyberhackers Cybersecruity CyberThreat WhatsApp

WhatsApp Bans 7.1 Million Indian Users, Warns of More Bans for Rule Violations

 



A Meta-owned company called WhatsApp announced on Saturday that the company had banned more than 7.1 million Indian WhatsApp accounts for violating local laws in April. Approximately 1,302,000 of the 7,182,000 banned WhatsApp accounts were proactively blocked before any user reports. A company statement states that there are 7,182,000 banned WhatsApp accounts. Each month, thousands of Indians who are reported as scammers or violating the platform's privacy policies are banned. 
 
According to the latest India Monthly Report published by Meta, between April 1, 2024, and April 30, 2024, nearly 71 lakh Indian accounts were banned by the instant messaging service, a move to curb misuse and maintain platform integrity. Also, the company has assured us that in the future it will continue to implement more bans for users that continue to violate its rules.

As of April 1, 2018, WhatsApp banned a total of 7,182,000 accounts, of which 1,302,000 were proactively banned before any complaints from users. Taking this proactive approach is an integral part of WhatsApp's overall strategy to prevent abuse before it occurs. The company uses advanced machine learning and data analytics to identify suspicious behaviour patterns that indicate abuse before it occurs. 

The company received 10,554 reports from users in April 2024 regarding various topics such as account support, ban appeals, product support, and safety concerns. According to the stringent criteria for taking action on an account, there were only six accounts which were acted upon in response to these reports. 

A ban on Indian accounts is a clear indication that WhatsApp is complying with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 by publishing compliance reports detailing the actions taken to address the grievances and violations of law as outlined in the Rules. It is clear from the latest report from June 2024 that WhatsApp is doing a good job of curbing harmful behaviour by utilizing user complaints as well as the sophisticated detection mechanisms it has in place. 

In the opinion of some experts, the account "Actioned" refers to complaints on which WhatsApp has taken remedial action. It was also explained by WhatsApp that it had received two orders from the Grievance Appellate Committee of the country, and was able to comply with them both, as outlined in its monthly compliance report. As per the report, the new Indian IT Rules of 2021 appear to have been followed. 

The company, from what we can gather, appears to employ a team of engineers, data scientists, analysts, researchers, and experts in law enforcement, online safety, and technology development to oversee its efforts to ensure these efforts are carried out effectively. Despite its multi-faceted approach to detecting and preventing abuse, WhatsApp is claimed to use a multi-layered approach to prevent abuse. It assumes that a user's account lifecycle involves various stages that may be compromised or might cause potential issues. 

To detect and block suspicious registrations during the process of creating a WhatsApp account, WhatsApp has constructed a vulnerable mechanism. With this, WhatsApp can prevent bad actors from entering the platform in the first place and causing problems for the platform. As part of its use of ITA algorithms, WhatsApp also continuously scans messages for patterns that are indicative of harmful behaviour and sends notifications accordingly. As part of this, you may receive spam messages, threats, or misinformation that spreads across the Internet.

It is very important to note that WhatsApp takes its customers' feedback into account as well as playing a vital role in the scanning of accounts. A user's action of reporting or blocking contacts contributes to the detection system of WhatsApp when it comes to that contact. It is this initiative that may lead to WhatsApp taking further action and possibly barring accounts from using the service. In addition to this, WhatsApp has a dedicated team of analysts who are constantly looking for ways to improve the efficiency of the system by examining complex or unusual cases.
Read more »
WhatsApp
Banking Data Cyber Attacks Cyber Scams E-Commerce fake Hacking WhatsApp Malaysia Malware Attack Payment Gateway WhatsApp

The Fake E-Shop Scam Campaign Sweeping Southeast Asia, seizing users banking details

 

In recent years, cybercriminals have been increasingly employing sophisticated tactics to target individuals and organizations across the globe. One such alarming trend is the proliferation of fake e-shop scam campaigns, particularly prevalent in Southeast Asia. 

These campaigns, characterized by their deceptive methods and malicious intent, pose significant threats to cybersecurity and personal privacy. The emergence of the fake e-shop scam campaign targeting Southeast Asia dates back to 2021, with a notable surge in activity observed by cybersecurity researchers in September 2022. 

Initially concentrated in Malaysia, the campaign swiftly expanded its operations to other countries in the region, including Vietnam and Myanmar. This expansion underscores the growing sophistication and reach of cybercriminal networks operating in Southeast Asia. At the heart of these malicious campaigns are phishing websites designed to deceive unsuspecting users. 

These websites often masquerade as legitimate e-commerce platforms or payment gateways, luring victims into providing sensitive information such as login credentials and banking details. Once users are enticed to visit these fraudulent sites, they are exposed to various forms of malware, including malicious Android applications packaged as APK files. 

The modus operandi of the attackers involves social engineering tactics, with cybercriminals leveraging popular communication platforms like WhatsApp to initiate contact with potential victims. By impersonating cleaning services or other seemingly innocuous entities on social media, the perpetrators exploit users' trust and curiosity, leading them to engage in conversations that ultimately result in malware infection. 

The malware deployed in these fake e-shop scam campaigns is multifaceted and constantly evolving to evade detection and maximize its impact. Initially focused on stealing login credentials for Malaysian banks, including prominent institutions like Hong Leong, CIMB, and Maybank, the malware has since incorporated additional functionalities. These include the ability to take screenshots, exploit accessibility services, and even facilitate screen sharing, granting the attackers unprecedented control over infected devices. 

Furthermore, the attackers have demonstrated a keen understanding of the linguistic and cultural nuances of their target regions. In Vietnam, for example, the campaign specifically targeted customers of HD Bank, employing phishing websites tailored to mimic the bank's online portal and language. Similarly, in Myanmar, the attackers utilized Burmese language phishing pages to enhance the credibility of their schemes among local users. 

The implications of these fake e-shop scam campaigns extend beyond financial losses and reputational damage. They represent a direct assault on user privacy and cybersecurity, with far-reaching consequences for individuals and businesses alike. The theft of sensitive personal and financial information can lead to identity theft, unauthorized transactions, and even ransomware attacks, resulting in significant financial and emotional distress for victims. 

In response to these evolving threats, cybersecurity experts emphasize the importance of proactive measures to safeguard against malicious activities. This includes exercising caution when interacting with unfamiliar websites or online advertisements, regularly updating antivirus software, and staying informed about emerging cybersecurity threats. 

Ultimately, combating the scourge of fake e-shop scam campaigns requires collective action and collaboration among stakeholders across the cybersecurity ecosystem. By raising awareness, implementing robust security measures, and fostering a culture of cyber resilience, we can mitigate the risks posed by these insidious threats and protect the integrity of our digital infrastructure.
Read more »
WhatsApp updates
Authentication Mobile Security user data security WhatsApp WhatsApp security features WhatsApp updates

WhatsApp Beta Testing Expanded Authentication Methods for App Lock Feature

 

In a world where privacy and security are increasingly important, WhatsApp continues to prioritize the protection of user data through encrypted messaging. Recently, the app has been testing a new label to highlight chat encryption, further emphasizing its commitment to safeguarding user conversations. 

Additionally, WhatsApp has released utilities such as chat lock and app lock to enhance chat security and privacy. One notable feature is chat lock, which allows users to hide private conversations from the main chat lists. By enabling chat lock on a per-conversation basis, users can ensure that sensitive chats remain secure. When activated, users are prompted for biometric authentication, either through face or fingerprint recognition, before accessing locked chats. For users who require comprehensive protection for all their chats, WhatsApp offers app lock functionality. 

This feature, available at a device level on certain Android skins by major OEMs, allows users to secure the entire app with biometric authentication or device passcodes. Recently, in the latest WhatsApp beta version 2.24.6.20, the app's app lock feature underwent significant enhancements. According to findings by WABetaInfo, app lock is expanding to include additional authentication methods beyond just biometric fingerprint recognition. 

The update will introduce options such as face unlock and device passcodes, providing users with more flexibility in securing their chats. The inclusion of multiple authentication methods serves as a backup for fingerprint authentication, ensuring accessibility even in scenarios where fingerprint recognition may not be feasible. 

For example, users wearing gloves can still unlock the app using alternative methods. Moreover, the expansion of authentication options enhances accessibility for users who may face limitations with certain authentication methods. While the introduction of new authentication methods represents a significant improvement to WhatsApp's app lock feature, users are advised to exercise caution when installing the latest beta version. The current beta release may be prone to crashes, potentially compromising the app's core functionality. 

Therefore, it is recommended to await a wider release before attempting to access the new features. In conclusion, WhatsApp's dedication to user privacy and security is evident through its continuous efforts to enhance encryption and introduce innovative security features. The expansion of authentication methods for the app lock feature underscores WhatsApp's commitment to providing users with robust security options while maintaining accessibility and ease of use.
Read more »
WhatsApp
Apple Cyber Crime Cyberattacks CyberCrime DMA Compliant E2EE iMessage Messenger Meta Privacy Protocol Technology Fusion TikTok WhatsApp

Signal Protocol Links WhatsApp, Messenger in DMA-Compliant Fusion

 


As part of the launch of the new EU regulations governing the use of digital "gatekeepers," Meta is ready to answer all of your questions about WhatsApp and Messenger providing end-to-end encryption (E2EE), while also complying with the requirements outlined in the Digital Markets Act (DMA). A blog post by Meta on Wednesday detailed how it plans to enable interoperability with Facebook Messenger and WhatsApp in the EU, which means users can message each other if they also use Signal's underlying encryption protocol when communicating with third-party messaging platforms. 

As the Digital Markets Act of Europe becomes more and more enforced, big tech companies are getting ready to comply with it. In response to the new competition rules that took effect on March 6, Google, Meta, and other companies have begun making plans to comply and what will happen to end users. 

There is no doubt that the change was not entirely the result of WhatsApp's decision. It is known that European lawmakers have designated WhatsApp parent company Meta as one of the six influential "gatekeeper" companies under their sweeping Digital Markets Act, giving it six months to allow others to enter its walled garden. 

Even though it's just a few weeks until the deadline for WhatsApp interoperability with other apps approaches, the company is describing its plans. As part of the first year of the regulation, the requirements were designed to support one-to-one chats and file sharing like images, videos, or voice messages, with plans for these requirements to be expanded in the coming years to include group chats and calls as well. 

In December, Meta decided to stop allowing Instagram to communicate with Messenger, presumably to implement a DMA strategy. In addition to Apple's iMessage app and Microsoft's Edge web browser, the EU has also made clear that the four parent companies of Facebook, Google, and TikTok are "gatekeepers," although Apple's parent company Alphabet and TikTok's parent company ByteDance are excluded. 

ETA stated that before the company can work with third-party providers to implement the service, they need to sign an agreement for interoperability between Messenger and WhatsApp. To ensure that other providers use the same security standards as WhatsApp, the company requires them to use the Signal protocol. 

However, if they can be found to meet these standards, they will accept others. As soon as another service sends a request for interoperability, Meta is given a window of three months in which to do so. The organization warns, however, that functionality may not be available for the general public to access immediately. 

The approach Meta has taken to interoperability is designed to meet the DMA requirements while also providing a feasible option for third-party providers looking to maximize security and privacy for their customers. For privacy and security, Meta will use the Signal Protocol to ensure end-to-end encrypted communication. This protocol is currently widely considered the gold standard for end-to-end encryption in E2EE.
Read more »
WhatsApp
Android Cyberattacks CyberCrime Cybersecurity Meta Technology WhatsApp

WhatsApp's New Twinning Feature: Manage Two Accounts on a Single Device

 


There has been an announcement by Meta that users of smartphone devices will soon have the ability to use two WhatsApp accounts on the same device. 

According to Zuckerberg, switching between work and personal accounts is now much easier with this feature in place – now you don't have to worry about logging out individually each time, carrying two phones, or having your messages sent from the wrong account. 

The WhatsApp Business feature has been in development for a few months now, both in the beta version of WhatsApp and in the business version. Now it is finally available. In a recent press release, Meta said the new capability aimed at making switching accounts easier for users, such as switching between their personal phone numbers and their professional numbers, a feature aimed to simplify life for users. 

There are many people who prefer to maintain two WhatsApp accounts: one for work and one for personal communication. As a result, these users need to download a copying app on Android or setup a WhatsApp Business account on iOS in order to use this method. In this situation, it is important to point out that the multi-account login feature opens up.

It gives users the option to switch from one WhatsApp account to another with just a few taps. For the feature to be enabled, users will need to obtain a new phone number (with a SIM card) or a new phone with multiple SIMs installed in order to use it. Through a one-time password, a verification will be done for the second number by the app.  

There has been some discussion regarding the availability of the feature on Android, but to date, it is only available on Android devices. In the coming weeks, users are expected to receive the new update. Meta also recommends that users only use the official WhatsApp application and not download unofficial or fake versions to make it easier for them to add more accounts. 

WhatsApp assures users that their messages are secure and private, whereas imitations may not provide the same level of security for your messages. Currently, Meta's decision is to create a new feature to make it easier for users to use multiple WhatsApp accounts on different devices in the future. 

As of 2021, Meta has now expanded this feature to include other smartphones, so users will now be able to access their accounts on Android tablets, browsers, or computers using the multi-device feature. As a result, users of Meta will now be able to use their WhatsApp accounts on two different smartphones simultaneously. 

When setting up a second account, users can do so by going to Settings > Add Account. When setting up, they will need their second mobile phone with a SIM or a device that has the physical or eSIM capabilities for multi-SIM. It was announced earlier this week that each account can have its own notifications and privacy settings. 

With the passkey support that WhatsApp launched earlier this week for the Android version, users can no longer use SMS-based two-factor authentication to log into the app. The Chief Executive Officer (CEO) of Meta, Mark Zuckerberg, has unveiled an upcoming functionality that will enable users to utilize two WhatsApp accounts on one device, thereby streamlining the administration of personal and professional dialogues. 

This functionality, initially accessible on the Android platform, is scheduled for global implementation in the forthcoming weeks. Users will be required to possess an extra telephone number for verification purposes. Meta strongly advises against the acquisition of unofficial WhatsApp versions due to security concerns. This advancement is congruent with Meta's endeavours to augment user satisfaction and extend multi-account capabilities across diverse devices.
Read more »
WhatsApp
Calling Cybersecurity IP Masking Privacy Techincal Updation WhatsApp

Securing Your Conversations: WhatsApp Introduces IP Masking for Calls

 


Meta-owned WhatsApp is rolling out a new option on Android and iOS to make it harder for hackers to infer users' location by protecting their IP address in calls. With this new 'protect IP address in calls' feature, users will get to add an extra layer of security to their calls by protecting their IP address and location from malicious actors, reports WABetaInfo. 

Besides allowing users to create AI-generated stickers, WhatsApp is also working on something much more serious. The Meta-owned instant chat messaging platform is planning a new privacy feature that will make IP tracking a lot more difficult to achieve. 

India is witnessing a surge in cyber fraud cases and one of the most vulnerable platforms to these scams is WhatsApp. With millions of active users, the Meta-owned instant messaging app is becoming common ground for scammers to spread their tricks. So, to protect users, Meta is working on a new security feature that will allow users to block their location from being tracked down using their IP address during a call. 

According to WABetaInfo, WhatsApp previously introduced the silence unknown callers feature, allowing users to mute calls from unfamiliar contacts to enhance call privacy. The latest update reveals a new privacy relay feature for calls. 

The toggle states that enabling it would make it more difficult for people to infer your location from your message, and it goes on to explain how WhatsApp would accomplish this task. It's also worth mentioning that it's likely that this feature will remain an opt-in feature that will not be used too often because the quality of users calls would be sacrificed to have this extra layer of security. 

WhatsApp is yet to confirm when the toggle will be available on the stable version, which is expected by the end of the year, but it intends to make it available to all users in the future. However, the company has not yet confirmed the exact date when the toggle will be available on the stable version of the app. 

Using the new IP address protection feature, users can protect their location information during a call, which makes it harder for those they are communicating with to pinpoint their precise location, thus increasing the privacy of their location information during a call. This feature is not yet available on WhatsApp. 

Wabetainfo noticed it during testing and it was first observed in the WhatsApp beta for Android 2.23.18.15 update, but has not been officially announced yet. This means that an upcoming update to the app is likely to include it. 

It seems to us that this privacy safeguard applies to both voice and video calls, as there is no mention that it is limited to voice calls. According to WhatsApp's support page, both calls as well as texts or media that are sent via the platform are protected by end-to-end encryption, which is used to make sure none of the information is disclosed to the wrong parties. 

Overall, it is positive news to hear that WhatsApp is doing its utmost to improve user security, which is especially pertinent given that Meta Platforms has long been accused of neglecting user privacy. In the meantime, WhatsApp has announced that it will now offer a feature called "Silence Unknown Callers" in its settings menu.

Introducing the new feature in an official blog post of Meta, a company that announced it. It revealed the feature would give users more control and privacy over their incoming calls through the "Silence Unknown Callers" feature. For enhanced protection on the platform, the feature will screen out spam, scams, and phone calls from unknown people automatically. 

It has been announced that Mark Zuckerberg, Founder and CEO of Meta, will be releasing a new privacy feature on WhatsApp that allows users to automatically silence incoming calls from unknown contacts, as a more secure means of maintaining privacy and control. 

The new feature, which can be turned on or off, will silence incoming calls from unknown numbers once it is turned on. However, WhatsApp continues to show the call history in the call list tab and notifications so that users are not left out of important calling opportunities.
Read more »
WhatsApp
Cyber Attacks CyberCrime Cybersecurity Jews Lawsuit NSO WhatsApp

WhatsApp Debunks Baseless Claims of Cyberattack Targeting Jews

 


Forwarded messages spewing rumours of cyberattacks targeting Jewish people, or stoking fears that Jewish people might be the target of cyberattacks, have no basis in reality, according to Meta's WhatsApp messaging service. 

Numerous online platforms have appeared to be spreading the warnings in recent days, with warnings beginning to circulate on Saturday. Scott Melker, one of the most influential crypto influencers on X, who has over one million followers, posted a warning on the social network asking that people share it with others. 

Hackers will use the WhatsApp app to lure WhatsApp users to download a file called "Seismic Waves CARD" the app, which will allow them to hack their phones in less than 10 seconds after installing the app. A post by Melker has been retweeted 200 times and has been viewed more than 250,00 times as of this writing. 

As reported by NBC News, the warning has been posted more than 30 times on X and has also spread to other social media and messaging services, including Facebook, Twitter, WhatsApp and WhatsApp Messenger. There have been more than a dozen other posts since then, including one that was posted by a former Twitter user who spread the warning across Twitter, Facebook, and other social media platforms. 

In a recent interview with the New York Times, WHO Communications Manager Emily Westcott stated that similar rumours have circulated before and that the company had previously confirmed that the messages hacked by "seismic waves" had been false. There have been several hoaxes popping up of late, warning of the download of a “Seismic Waves CARD”, which supposedly relates to the Moroccan earthquakes. 

The message copycats elements of a previous hoax warning issued just several weeks ago. A Snopes report in September confirmed that those messages were also false and that WhatsApp had lied about them.

A Similar Hoax Has Been Reported in The Past 

In a report published by multiple news outlets, Emily Westcott, a communications manager at WhatsApp, owned by Meta, stated that this type of hoax has been reported in the past. 

According to her, similar messages regarding the September earthquake in Morocco had also been falsely reported by the company in a previous statement that was made to fact-checking website Snopes. Even though spyware has cropped up in the past, this issue is rare to date and the spread of the hoax plays to the fears that victims may have about spyware on their phones.

As per researchers, Israeli cyber-intelligence company NSO Group created spyware in 2019 which was capable of infecting cell phones through the app's voice calling function based on a vulnerability found in WhatsApp's code. 

According to WhatsApp's lawsuit against NSO, the spyware was allegedly targeting 1,400 users, including journalists, lawyers, human rights activists, political dissidents, diplomats, and foreign officials in a position to represent a foreign government. It has been reported that NSO's products were at least a minor part of the murder of the Washington Post journalist Jamal Khashoggi. 

Elon Musk has been criticized heavily for his more relaxed approach to content moderation and the spread of misinformation at X, and as a result, Musk himself has commented on conspiracy theories that are spreading throughout the site. After Musk posted a message on Sunday urging X users to stay updated on the Israel-Hamas fighting by following accounts known for promoting lies, Musk deleted the post after a few hours. 

A number of those accounts have also posted antisemitic content in the past, including a statement that said, "The overwhelming majority of people who work in the media and banks are Zionists," which is antisemitic. Several videos from previous conflicts have been repackaged and distributed on the Internet in the days following the outbreak of the war, including videos repurposing to show footage from the ground, video game clips claiming to show footage from the ground, and a false press release from the White House claiming the Biden administration had provided $8 billion in emergency aid to Israel.
Read more »
WhatsApp
alternative messaging apps Cyber Security End-to-End Encryption Privacy Concerns Secure Messaging Signal app SMS security risks SMS vulnerabilities Telegram WhatsApp

Seure Messaging Apps: A Safer Alternative to SMS for Enhanced Privacy and Cybersecurity

 

The Short Messaging Service (SMS) has been a fundamental part of mobile communication since the 1990s when it was introduced on cellular networks globally. 

Despite the rise of Internet Protocol-based messaging services with the advent of smartphones, SMS continues to see widespread use. However, this persistence raises concerns about its safety and privacy implications.

Reasons Why SMS Is Not Secure

1. Lack of End-to-End Encryption

SMS lacks end-to-end encryption, with messages typically transmitted in plain text. This leaves them vulnerable to interception by anyone with the necessary expertise. Even if a mobile carrier employs encryption, it's often a weak and outdated algorithm applied only during transit.

2. Dependence on Outdated Technology

SMS relies on Signaling System No. 7 (SS7), a set of signalling protocols developed in the 1970s. This aging technology is highly insecure and susceptible to various cyberattacks. Instances of hackers exploiting SS7 vulnerabilities for malicious purposes have been recorded.

3. Government Access to SMS

SS7 security holes have not been adequately addressed, potentially due to government interest in monitoring citizens. This raises concerns about governments having the ability to read SMS messages. In the U.S., law enforcement can access messages older than 180 days without a warrant, despite efforts to change this.

4. Carrier Storage of Messages

Carriers retain SMS messages for a defined period, and metadata is stored even longer. While laws and policies aim to prevent unauthorized access, breaches can still occur, potentially compromising user privacy.

5. Irreversible Nature of SMS Messages

Once sent, SMS messages cannot be retracted. They persist on the recipient's device indefinitely, unless manually deleted. This lack of control raises concerns about the potential exposure of sensitive information in cases of phone compromise or hacking.

Several secure messaging apps provide safer alternatives to SMS:

1. Signal
 
Signal is a leading secure messaging app known for its robust end-to-end encryption, ensuring only intended recipients can access messages. Developed by the non-profit Signal Foundation, it prioritizes user privacy and does not collect personal data.

2. Telegram

Telegram offers a solid alternative to SMS. While messages are not end-to-end encrypted by default, users can enable Secret Chats for enhanced security. This feature prevents forwarding and limits access to messages, photos, videos, and documents.

3. WhatsApp

Despite its affiliation with Meta, WhatsApp is a popular alternative with billions of active users. It employs end-to-end encryption for message security, surpassing the safety provided by SMS. It's available on major platforms and is widely used among contacts.

In conclusion, SMS is not a recommended option for individuals concerned about personal cybersecurity and privacy. While it offers convenience, its security shortcomings are significant. 

Secure messaging apps with end-to-end encryption are superior alternatives, providing a higher level of protection for sensitive communications. If using SMS is unavoidable, caution and additional security measures are advised to safeguard information.
Read more »
Subscribe to: Posts (Atom)