WhatsApp, Telegram Data Stored on Phones is Vulnerable to Cyber Attacks



The data saved by users onto their devices through social messaging apps, Whatsapp and Telegram is vulnerable to cyber attacks and can be exploited by malware with access to external storage, as per the security researchers at Symantec.

End-to-end encryption prevents user data from being read or secretly modified, it led users into believing that their communication is highly secured and their conversations are protected against being accessed by third-party apps. However, the findings at Symantec have made users reconsider the whole idea of data protection via encryption.

The media exchanged on WhatsApp and Telegram gets stored in either of the two storages, external or internal. Now, if the data is stored in the victim's external storage and the malware enters his mobile device, it is configured to gain easy access to these saved files and exploit it subsequently. Moreover, the malware can acquire access to this data even prior to the users, according to The Verge.

After examining the issue, WhatsApp released statements telling that the corresponding updates are under progress with Android's ongoing development.

Referencing from the statements given by a WhatsApp spokesperson, “WhatsApp has looked closely at this issue and it’s similar to previous questions about mobile device storage impacting the app ecosystem. WhatsApp follows current best practices provided by operating systems for media storage and looks forward to providing updates in line with Android’s ongoing development,”

"WhatsApp follows guidelines from Android including: 'You should use external storage for user data that should be accessible to other apps and saved even if the user uninstalls your app, such as captured photos or downloaded files.' We store files in the same manner as other messaging apps (like Viber), email (like Gmail), and file storage apps (like Dropbox)," he added.

Commenting on the upcoming Android update, he informed, "The suggested changes here could both create privacy complications for our users and limit how photos and files could be shared."


Fake Messages on WhatsApp Asks the Users to Pay Money in Order to Continue Using the App




WhatsApp, Facebook, and Instagram suffered a social media outage on 3rd July which affected the users all across the world. As a consequence of the outage, users were not able to access the platforms properly and certain features became dysfunctional. During the outage, a lot of people in India got messages on their WhatsApp telling that the app is down due to over usage and it would be off from 11:30 PM to 6:00 AM every day. The message also asked users to forward the text message to their contacts in order to continue using the app service otherwise their account would be made inaccessible and the app services will no longer be free of charge for them.

The fake message which was circulated on WhatsApp is as follows:

“What's app will b off From 11.30pm to 6:00 am daily Declared by central govt. Message from Narendra Modi (PM) we have had an over usage of user names on WhatsApp Messenger. We are requesting all users to forward this message to their entire contact list. If you do not forward this message, we will take it as your account is invalid and it will be deleted within the next 48 hours. DO NOT ignore my words or whatsapp will no longer recognise your activation. If you wish to re-activate your account after it has been deleted, a charge of 499.00 will be added to your monthly bill. We are also aware of the issue involving the pictures updates not showing. We are working diligently at fixing this problem and it will be up and running as soon as possible. Thank you for your cooperation from the modi team. WhatsApp is going to cost you money soon. The only way that it will stay free is if you are a frequent user i.e. you have at least 50 people you are chatting with. To become a frequent user send this message to 10 people who receive it (2 ticks) and your WhatsApp logo will change color. send this to 8 people to activate the new whatsapp..
Saturday morning whatsapp will become chargeable. If you have at least 10 contacts send them this message. In this way, we will see that you are an avid user and your logo will become blue and will remain free. (As discussed in the paper today. Whatsapp will cost 0.01€ per message. Send this message to 10 people. When you do the light will turn blue otherwise whatsapp will activate billing. ITS TRUE ...... U get blue TICKS"

Likewise, another fake message claimed that WhatsApp has been sold off to Mukesh Ambani and asks users to forward the message to 10 people in order to activate the new WhatsApp along with Facebook services.

The entire message read:
"Dont ignore please read it carefully" Hello, I. Am VARUN PULYANI director of whatsapp, this message is to inform all of our users that we have sold whatsapp to Mukesh Ambani . Reliance for 19 billion $. WhatsApp is now controlled by mukesh Ambani . If you have at least 10 contacts send this sms and logo of your whatsapp will change to a new icon with facebook's "f" within 24 hours.Forward this message to more than 10 people to activate your new whatsapp with Facebook services or else your account will be deleted from new servers.
This is the final notice! Hello everyone, it seems that all the warnings were real, the use of WhatsApp cost money from November 2017. If you send this string to 18 different on your list, your icon will be blue and will be free for you. If you do not believe me see tomorrow at 6 pm ending WhatsApp and have to pay to open it, this is by law This message is to inform all of our users, our servers have recently been very congested, so we are asking you to help us solve this problem. We require our active users to forward this message to each of the people in your contact list to confirm our active users using WhatsApp, if you do not send this message to all your contacts WhatsApp will then start to charge you. Your account will remain inactive with the consequence of losing all your contacts. Message from Jim Balsamic (CEO of Whatsapp ) we have had an over usage of user names on whatsapp Messenger. We are requesting all users to forward this message to their entire contact list. If you do not forward this message, we will take it as your account is invalid and it will be deleted within the next 48 hours. Please DO NOT ignore this message or whatsapp will no longer recognise your activation. If you wish to re-activate your account after it has been deleted, a charge of 25.00 will be added to your monthly bill. We are also aware of the issue involving the pictures updates not showing. We are working diligently at fixing this problem and it will be up and running as soon as possible. Thank you for your cooperation from the Whatsapp team”

Users are advised to not believe such fake messages and avoid spreading the misinformation further by forwarding it to other users.




Global outage affecting Facebook, Instagram, and WhatsApp around the world







Social media services owned by Facebook were down for several hours for users around the world. The outage was affecting the entire ‘family of apps.’
Facebook, Instagram, and WhatsApp faced the outage from the early Morning on Wednesday, some users reported issues in uploading and downloading the images, video and audio files, while some of them faced difficulties in the News Feed. 

Facebook acknowledged the technical glitch and tweeted from their global Twitter handle stating that “We're aware that some people are having trouble uploading or sending images, videos or other files on our apps. We're sorry for the trouble and are working to get things back to normal as quickly as possible." 

The outage affected users across Asia, Europe, USA, and Africa. 

Users vented out their frustration against the three social media website on their Twitter accounts with the hashtags #instagramdown, #facebookdown and #whatsappdown, all of these hashtags were top trends on the site across the world. 

Instagram was forced to issue its own statement on Twitter. "We're sorry for the trouble and are working to get things back to normal as quickly as possible" Instagram tweeted.



Indian Government asks WhatsApp to fingerprint messages









The government of India has asked the instant messaging app WhatsApp to digitally fingerprint every message which is sent on its platform, to ensure traceability of all content. 

According to two senior government officials, WhatsApp should keep a track off a message, from where it originated, how many people read it and how many forwarded it. 

“Fingerprinting WhatsApp messages will help find the originator of the message. That is all we want,” the official said.

“We don’t want to read the messages but when we see a problematic message we should be able to go to WhatsApp to help us trace the sender,” the official further added. “They have to find a way, it is technically possible.”

After several public unrests over message forward, in December last year, the government of India has amended the Information Technology Act, which made traceability of messages compulsory for all internet platforms. 

"It is not acceptable that no one can trace any message. Somebody should be able to trace some messages sometimes. We have reached the limit of anonymity on the internet and that has to go," said official. 

However, WhatsApp declined to comment on the development.



Facebook to launch a new digital cryptocurrency





Social media giant Facebook is set to roll out a new digital cryptocurrency, Libra, next year, which would let users’ buy things as well as send money to people without any process fees. 

People would be able to make payments with the currency via    third-party wallet apps or Facebook’s own Calibra wallet that will be built into WhatsApp, Messenger and its own app. 

It is said that firms such as Uber and Visa will accept it in future.

From next year, Facebook users’ will be able to buy Libra from its platforms and then it will be stored in a digital wallet called Calibra.

The user can make payments and send money to other  users, and this whole process would instant and as easy as texting. 

"In time, we hope to offer additional services for people and businesses, such as paying bills with the push of a button, buying a cup of coffee with the scan of a code, or riding your local public transit without needing to carry cash or a metro pass,” it said. 

However, there is a big concern over how users’ money and data will be protected. 

The firm stressed that Libra would not be managed solely by the Facebook, but it would be independent, and run by a group of companies and charities- called the Libra Association.

Group of companies that are likely to accept Libra, includes
  • Payments firms such as Mastercard and PayPal
  • Digital businesses including eBay, Spotify and Uber
  • Telecoms firms such as Vodafone
  • And charities such as the microfinance group Women's World Banking.



Manipur Engineer Enters Facebook’s “Hall Of Fame 2019” By Discovering a Privacy Breach Bug



Zonel Sougaijam, a 22-year-old civil engineer, was recently honoured by Facebook for discovering a WhatsApp bug that violated the privacy of a user.

Mr. Sougaijam told PTI, in the wake of discovering the bug, that he had reported the issue to the Bug Bounty Program of the Facebook, which manages infringement of privacy matters, in March.

“During a voice call through WhatsApp, the bug used to allow the caller to upgrade it to a video call without the authorisation and knowledge of the receiver. The caller was then able to see what the other person was doing, violating the privacy of the receiver,” he said.

Zonel Sougaijam, the 22-year-old civil engineer

His report was hence acknowledged by the Facebook Security Team the immediate next day and its technical department fixed the bug under 15-20 days. The social media giant then proceeded to award him with a bounty of $5000 at the same time incorporating him in the 'Facebook Hall of Fame 2019', for detecting the WhatsApp bug.

Sougaijam's name is right now at the 16th position in a rundown of 94 people, in the 'Facebook Hall of Fame' for the current year.

Facebook had obtained Instagram in 2012 and WhatsApp in 2014. The organization has been entangled in data privacy concerns and political ramifications of its calculations throughout the most recent couple of years.



All it takes a WhatsApp call for the spyware to enter your phone


It’s been a day of high-profile security incidents. First there was news the popular WhatsApp messenger app was hacked. Updated versions of WhatsApp have been released, which you should install if you’re one of the more than one billion people who use the app.

WhatsApp has confirmed that a security flaw in the app let attackers install spy software on their targets' smartphones. The spyware install on a host phone via a WhatsApp call. The spyware deletes all WhatsApp call logs to become untraceable.

On Wednesday, chip-maker Intel confirmed that new problems discovered with some of its processors could reveal secret information to attacks.

What's scary about this spyware is that it can slip on any WhatsApp users' smartphone without giving the slightest clue that their devices have been infected. All it takes is a WhatsApp call.

The WhatsApp news was revealed first by the Financial Times, which says the bug was used in an attempt to access content on the phone of a UK-based human rights lawyer.

That has left many of its 1.5 billion users wondering how safe the "simple and secure" messaging app really is. How trustworthy are apps and devices?

No. Messages on WhatsApp are end-to-end encrypted, meaning they are scrambled when they leave the sender's device. The messages can be decrypted by the recipient's device only.

WhatsApp is arguably one of the most popular social messaging apps in the world. In the recent times, the Facebook-owned social messaging app has been under fire owing to the rampant spread of misinformation on its platform. But never has the app been under seige by a malware. That is until now.

WhatsApp has rolled out an update to its servers. It has also rolled out a security patch on to its Android and iOS apps to safeguard your phone data. Software patches have been released by several vendors, including Microsoft. You should install security updates from vendors promptly, including these.

Targeted Surveillance Attack on Whatsapp





The Facebook owned entity was recently a target of the hackers who had the option to remotely install surveillance softwares on phones and different devices utilizing a rather major vulnerability in the messaging app.

The attack incorporated of attackers utilizing WhatsApp's voice calling function to ring a target's device and regardless of whether the call was not received or not, the surveillance software could be installed. As per the Financial Times report which also speculates that the surveillance software included was created by an Israeli firm NSO Group, the call would frequently disappear from the device’s call log.

WhatsApp told the BBC its security team was the first to recognize the flaw. It imparted that info with human rights groups, chose the security vendors and the US Department of Justice prior this month.

"The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” the company said on Monday in a briefing document note for journalists.

WhatsApp said it was too soon to realize what number of users had been affected by the vulnerability, in spite of the fact that it included that the suspected attacks were exceptionally focused on. As indicated by the New York Times, one of the general populations targeted on was a London-based lawyer associated with a claim against the NSO Group.

Although a fix was “rolled out “on Friday, on Monday, WhatsApp requested the majority of its 1.5 billion users to update their applications as an additional precautionary measure.

How to update WhatsApp?

Android
  1. Open the Google Play store
  2. Tap the menu at the top left of the screen
  3. Tap My Apps & Games
  4. If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open
  5. If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version
  6. The latest version of WhatsApp on Android is 2.19.134

iOS
  1. Open the App Store
  2. At the bottom of the screen, tap Updates
  3. If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open
  4. If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version
  5. The latest version of WhatsApp on iOS is 2.19.51



WhatsApp vulnerability let attackers install Israeli Spyware on phones





A new vulnerability discovered in the WhatsApp allowed attackers install a malicious code on iPhones and Android phones by ringing up a target device.

“A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number,” WhatsApp said. 

The company discovered the vulnerability and later issued a security patch, although till now, it is not known how many people have been affected by this. 

According to the reports, the attackers targeted the device by just placing a call, even if you didn’t answered a call, the malicious code could be transmitted to your phone and a log of the call often disappeared. 

WhatsApp is urging all its users to upgrade their app after it released a software update yesterday. 

'We believe a select number of users were targeted through this vulnerability by an advanced cyber actor,' WhatsApp told the Financial Times.

'This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.

As per the Financial Times reports, the spyware was developed by NSO Group, an Israeli cybersecurity and intelligence company.



Facebook to redesign Messenger, WhatsApp, and Instagram



Facebook is coming up with a series of changes to all its social media networks including Instagram and Whatsapp.

According to its boss Mark Zuckerberg the new designs and features will focus on privacy first. The company decided to change its apps after facing widespread criticism for handling users data.

"We don’t exactly have the strongest reputation on privacy right now, to put it lightly," Zuckerberg said.

Here is list of changes in the app:

  • All the messages sent via Messenger will be end-to-end encrypted by default, and the platform will be fully integrated with WhatsApp
  • Instagram will hide like counts, but not the account owner
  • A WhatsApp secure payment service would be introduced in other countries later this year.
  • The Facebook app is being redesigned to make community groups central to the newsfeed - and the distinctive blue branding is going. The redesign is rolling out in the US and then more widely straight away.
  • Users will be able to post text, stickers or drawings on their Instagram post rather than starting it with a photo or a video. 

Other than this, Facebook has introduced a new feature called Secret Crush, which is a part of Facebook Dating. This feature will let Facebook members to tag up to nine of their crushes. 

If the recipient of the crush is also using the feature and nominates them as well, then both parties will receive a message to say they have matched.

Facebook Dating will roll out in 14 new countries, but will not be available in Europe or the US.



WhatsApp launches fact-check service ahead of General Elections in India





WhatsApp on Tuesday launched a new service called Checkpoint Tipline, for Indians to combat the fake news ahead of General elections beginning this month. 

The Facebook-owned company was working with a local startup PROTO, which aimed at creating a database of false, misleading or disputed. 

The initiative is funded by the WhatsApp to study misinformation spread ahead of the upcoming elections for Checkpoint

The company has set up a verification centre, which would verify posts that are in the form of pictures, video links or text. This center will cover four regional languages - Hindi, Telugu, Bengali and Malayalam, apart from English. 

"The goal of this project is to study the misinformation phenomenon at scale," Proto's founders Ritvvij Parrikh and Nasr ul Hadi said in a statement. "As more data flows in, we will be able to identify the most susceptible or affected issues, locations, languages, regions and more."

In a statement released by the WhatsApp said the start up Proto would be helped by two other organisations who have prior experience working on misinformation-related projects.

"The challenge of viral misinformation requires more collaborative efforts and cannot be solved by any one organisation alone," WhatsApp said.






WhatsApp May Oppose the Demand for Traceability of Messages




The government wants to probe into the sources of inciting and provocative messages and posts which have led to violence across the nation, incidents of lynching and various other controversial issues.

In order to do so, it has proposed certain guidelines that would require Whatsapp to unveil information regarding the origins of messages.

As doing so will contradict the end-to-end encryption WhatsApp provides, the company will oppose the proposed regulations. It will also be violating free speech and privacy rights. 

The intermediary guidelines which are reported to be made public after elections will include jail terms and penalties for heads and officials of various messaging platforms and social media companies for non-compliance.

Reasoning WhatsApp’s failure to act in accordance with the proposed guidelines, a person said, “WhatsApp feels the proposed guidelines are too broad and not in sync with privacy protection norms that are important to people everywhere,”

“What is expected from the rules is just not possible considering the end-to-end encryption the company provides — it would mean a new product.” He added.

The Facebook-owned app, which did not answer all the questions, believes that confidentiality is one of the key aspects of what they have to offer. They feel that gathering private information of users is contradictory to the whole idea of WhatsApp which was primarily designed to keep the conversations private. 

Putting the same into perspective, another person said, “The company will continue to push back against government’s attempts that it feels weaken its end-to-end encryption feature,”

While defending its stance on safety and privacy, WhatsApp previously said, “People rely on WhatsApp for all kinds of sensitive conversations, including with their doctors, banks, and families. The police also use WhatsApp to discuss investigations and report crimes,”  

“Attributing messages on WhatsApp would undermine end-to-end encryption and the private nature of WhatsApp, creating the potential for serious misuse. Our focus is on improving WhatsApp and working closer with others in society to help keep people safe.” 

Reasserting the intention of the government, an official told ET, “They don’t or refuse to understand this — we don’t want you to look into the video or the audio or content, just tell us where (it began) or who started it,”

Understanding the concern of national security and integrity, WhatsApp said that it has made essential changes in the product and has addressed misinformation via public education campaigns. Besides that, the company also made necessary alterations like limiting the times a message can be forwarded and letting people exit groups in one tap.

However, the government did not seem to be satisfied with these alterations and has continued to request for traceability.










Facebook says outage was a result of incorrect server configuration

Facebook has said that a "server configuration change" was to blame for the worst outage in its history. Facebook and its apps Instagram, Facebook Messenger and WhatsApp suffered outages for a considerable time on Thursday, affecting users for some 12 hours in most areas of the world, with the biggest impact in North America and Europe, according to the tracking website downdetector.com.

Facebook has only just offered an explanation for the problems it has experienced over the past 24 hours.

The company hasn't elaborated on what the server configuration change exactly meant nor has it said how many users were affected or why the outage took so long to fix. In a tweet, Facebook just apologised and thanked people for their patience. It said it had "triggered a cascading series of issues" for its platforms, including WhatsApp and Instagram.

"Yesterday, as a result of a server configuration change, many people had trouble accessing our apps and services," a Facebook tweet said. "We've now resolved the issues and our systems are recovering. We're very sorry for the inconvenience and appreciate everyone's patience."

The outage was believed to be the worst ever for the internet giant that reaches an estimated 2.7 billion people with its core social network, Instagram and messaging applications. It took the social network giant a full day from when the problems began to offer any explanation. It added that everything was now back to normal.

The outage brought fresh attention to the embattled social networking leader. It is yet another publicity problem for a company already dealing with privacy issues and regulatory probes.

The disruption isn’t likely to hurt advertisers much since they usually pay for ads per click or impression. But they lose potential customers who might have seen their ads when the site and apps were down. Longer term, Facebook’s reputation with advertisers and investors could be damaged, said Wedbush Securities managing director Dan Ives. It didn’t help that it took Facebook so long to explain what was going on, he said. Facebook said on Wednesday that the problem was not related to a “distributed denial of service” or DDoS attack, a type of attack that hackers use to interrupt service to a site, but didn’t provide any other details until Thursday. “In these situations, a lack of transparency is not a good look,” Ives said. “The longer something like this lasts, the more questions there are.”

Whatsapp Asks Apple Users to Beware Of the Touch ID, Face ID Feature




A recently discovered bug in the Touch ID, Face ID feature rolled out on WhatsApp is progressively turning into a grave threat to the iPhone users as it enables anyone to effortlessly sidestep the authentication systems. The support for Touch ID or Face ID to unlock the application is accessible for WhatsApp version 2.19.20 and when enabled correctly, the application requires the user to utilize the Touch ID or Face ID each time they get to access the application.

The Android users are safe, since this specific feature isn't made available for them.

A Reddit user explained in a post with respect to how simple the bypassing of the system is and how nearly anybody can do it. The method fundamentally begins to work when the user gets the choice to unlock the application either immediately or after one moment, after 15 minutes or after an hour and he/she chooses some other option than "Immediately".

It doesn't work in the event that it is set to immediately and this can be changed when "Require Face ID" is enabled from WhatsApp Settings > Account > Privacy > Screen Lock. In the event that the user wishes to sidestep the Touch ID and Face ID feature on the iPhone, they will need to open the iOS Share Sheet on any application and pick WhatsApp.


In the interim, WhatsApp issues an announcement with respect to its awareness with the issue and said that, “We are aware of the issue and a fix will be available shortly. In the meantime, we recommend that people set the screen lock option to immediately,”



Whatsapp Declines to comply with the Government’s Demand



With general elections scheduled to be held one year from now in India, the Indian Government is taking a strict prospect of the utilization of various social media platforms like Facebook, Twitter, and WhatsApp for the spread of prevarication of information.

In the light of the same it had requested from WhatsApp for a solution for track the outset of messages on its platform.

The Facebook owned firm though declined to comply with the government's request saying that the move will undermine the protection and privacy of WhatsApp users.

Sources in the IT Ministry have said that the administration has declared that WhatsApp should keep on exploring the specialized technical advancements whereby if there should be an occurrence of mass circulation of offensive and detestable messages whipping up clashes and delinquency, the outset can be figured out easily.

The ministry is additionally looking for an all the more firm affirmation of the assent with Indian laws from the company, along with the foundation of grievance officer with a wide framework.

Accentuation has been given to the fact that a local corporate entity, subject to Indian laws, ought to be set up by the company in the outlined time period.


Prior this week the WhatsApp Head Chris Daniels got together with the IT Minister Ravi Shankar Prasad for tending issues similar to this one. After the gathering, Mr. Prasad said that the legislature has requested that WhatsApp set up a local corporate entity and uncover a technological solution in order to ascertain the outset of the  phony messages circled through its platform simultaneously commission  a grievance  officer.

 “People rely on WhatsApp for all kinds of sensitive conversations, including with their doctors, banks and families. Building traceability would undermine end-to-end encryption and the private nature of WhatsApp, creating potential for serious misuse,” the Facebook-owned firm said on Thursday.

“WhatsApp will not weaken the privacy protections we provide,” a company spokesperson stressed, adding, “Our focus remains working closely with others in India to educate people about misinformation and help keep people safe.”

A month ago, WhatsApp top administrators, including COO Matthew Idema, met IT Secretary and other Indian government authorities to summarize the several different advances being taken by the company on this issue.


WABetaInfo says WhatsApp in Israel now uses Facebook servers

A popular fan website, WABetaInfo, that tracks WhatsApp Beta updates, on Monday tweeted that WhatsApp users in Israel are now connected through Facebook servers.


This news comes amidst the Facebook privacy and data controversy when people online are wary of what using Facebook means for their privacy and security.

WABetaInfo, however, again tweeted to reassure users that the data is still encrypted and that Facebook will only be receiving the metadata.


The website also said that the new update will improve the quality of the connection.

Twitter user and information security researcher, Karine Nahon, however, pointed out that:


Another user said that encryption itself is not a problem, but the fact that dynamic metadata such as last seen, etc. should be deleted after some time.


Still, the website told its readers not to worry and to wait till May to understand what data is being stored in the servers.

WhatsApp has not yet confirmed or denied this update.

A new privacy law — the General Data Protection Regulation (GDPR) — passed by the European Union will come into effect from May 25 this year, which will harmonize internet privacy laws all across Europe.

WhatsApp had last month signed a public commitment with Britain's Information Commissioner's Office (ICO) to not share user’s data with Facebook until the privacy and data security concerns have been addressed.

Information Commissioner Elizabeth Denham in a statement said, "WhatsApp has assured us that no UK user data has ever been shared with Facebook, other than as a 'data processor.’ ”

A New App That Can Help You Spy On Your Contacts via Whatsapp


There is no doubt that WhatsApp is hands down the most used instant messaging service today and there's no messaging app that can match it in terms of users on-board.

But unfortunately, the app has called for a host of hacks that basically allows a person to spy on any of their friends or family via WhatsApp without them having any knowledge of it.

This new creepy app  "Chatwatch"  helps an individual to do  this is by making use of the online or offline status feature of WhatsApp's to tell users how often their friends check the app and also estimates as to when they go to bed every day -- potentially making it an invasive app.

"Find out when they went to bed, how long they slept… Even compare chat patterns between people you know, and we will tell you the probability of them talking to each other during the day, using Artificial Intelligence," Chatwatch notes on its website.

Now what’s more distressing is that all this comes at a time when Facebook users are busy uninstalling apps they got connected with long ago via "Facebook log-in" after the social media platform, which also owns WhatsApp, was hit by a major data breach.

It's a creepy new trick that the app's developers hope will bring more attention to how Facebook handles our data, along with how other companies access and analyse it," tech website LifeHacker reported. "It's also likely that WhatsApp will find a way to block Chatwatch soon. So if you want to spy on your friends expose Facebook's privacy issues, you should try it soon," it added.

Chatwatch generally requires 24 hours before it can generate certain insights but even if you’ve disabled the ‘Last Seen’ feature in your account settings, it’ll still be able to figure out your WhatsApp activity quiet easily.

"Chatwatch" is currently available on Android platform and the developers are reportedly working on a web-based version as well. The app was first launched on iOS devices but it was later taken off from the Apple App Store. For reasons unknown to the website, it further adds that Apple has suspended their app from the app store, but they are working on a web version to launch as soon as possible, and appealing the decision with Apple.



CBI busts child pornography racket internationally operating on WhatsApp

The Central Bureau of Investigation (CBI) on Thursday busted an internationally operating WhatsApp-based child pornography racket, which had 199 members from all over the world.

According to CBI, the racket was being operated from Delhi, Noida, and Uttar Pradesh.

The main WhatsApp group admin and kingpin, Nikhil Verma (20), has been arrested and the police have searched the premises of Verma and four other suspects — Satyendra Chauhan, Nafis Raza, Zahid, and Adarsh — in Delhi, Uttar Pradesh, and Maharashtra.

CBI is investigating whether the videos uploaded on the group were recorded by the admins or were sourced from elsewhere, and whether they were charging money for sharing the clips.

The group (called “KidsXXX”) had 199 members and included nationals from India and various other countries including US, Pakistan, Brazil, Afghanistan, Sri Lanka, Kenya, Nigeria, Mexico, and New Zealand.

After receiving intelligence of the group, CBI tracked the IP addresses of the admins and kept a watch for sometime before carrying out the raids.

CBI has registered a case against the admins and members of the group under section 67-B of the IT Act and law enforcement of other countries involved have also been contacted. Identities of the victims are yet to be confirmed.

Police have seized laptops and hardware of the administrators where child pornographic content was found.

Lebanon Spyware Uncovered, Steals Data through Fake Messaging Apps

Researchers from non-profit campaign group Electronic Frontier Foundation (EFF) and mobile security group Lookout have together uncovered malware that targets individuals such as military personnel, journalists, lawyers, and activists, using fake apps that look like popular messaging apps like WhatsApp and Signal.

The malware, dubbed “Dark Caracal” by the researchers, targets known Android weaknesses and iOS has not been affected by it.

According to their report on Dark Caracal, the malware was traced back to a server in a Lebanese government building — a building belonging to the Lebanese General Security Directorate in Beirut, Lebanon — and seems like the threat could be coming from a nation-state.

“We have identified hundreds of gigabytes of data exfiltrated from thousands of victims, spanning 21+ countries in North America, Europe, the Middle East, and Asia,” the report read.

“This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying because phones are full of so much data about a person’s day-to-day life,” said EFF Director of Cybersecurity Eva Galperin.

Data stolen through the spyware includes documents, call records, audio recordings, secure messaging client content, contact information, text messages, photos, and account data.

According to EFF, WhatsApp or Signal have not been compromised, and Google has confirmed that the infected apps were not downloaded from its Play Store. Instead, the attackers use “spearphishing” to get these fake apps on targets’ phones, which is a phishing attack that specifically targets an individual using information the attacker has on the victim.

“All Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware,” said EFF Staff Technologist Cooper Quintin.

Dark Caracal has reportedly been operating since 2012 but has been unable to track down because of the number of similar attacks happening all over the world that have repeatedly been misattributed to other cybercrime groups.

This research has shed light on how governments and people are able to spy on individuals all over the world.



Skygofree Malware: One of Most Advanced Spyware Ever Seen

Russian cybersecurity lab, Kaspersky, has found out a new advanced Android spyware having “never before seen” features that lets hackers carry out advanced surveillance on Android phones, such as location-based audio recording, WhatsApp message theft, and connecting an infected device to Wi-Fi networks controlled by cybercriminals.

The malware, dubbed as “Skygofree,” was reportedly found on malicious websites in Italy. According to Kaspersky, the malware is most likely an offensive security product sold by an Italy-based IT company that markets various surveillance wares.

More information including, Skygofree's commands, indicators of compromise, domain addresses, and device models targeted, can be found in their blog post on Securelist.

The spyware functions by tricking the “Accessibility” feature present in Android to help users with disabilities access their apps. Using this, the spyware can read the messages displayed on the screen, even those sent by the user.

Skygofree is also capable of taking pictures and video, recording audio and noise according to the location specified by the hacker, record Skype conversations, seizing call records, geolocation data, and other sensitive data.

Kaspersky believes that, just like an earlier hack in 2015 by Hacking Team, an Italy-based spyware developer, Skygofree was also developed by Italians.

Skygofree has allegedly been active since 2014 and has been targeting select individuals, who are all from Italy. The spyware has been undergoing regular development since then and as many as 48 commands were found in the latest version.