Search This Blog

Showing posts with label WhatsApp. Show all posts

Data Privacy on Alert; Facebook, Whatsapp and Others Fear The Personal Data Protection Bill?


The latest amendments in the “personal data protection bill” of India could make Facebook and other data consuming platforms lose sleep over enhanced government powers.

On Tuesday, the Personal Data Protection Bill was passed around in the parliament which could have strong consequences on the way the organizations store, process and use public data.

The newest addition to the bill is the stipulation that endows the Indian government to demand from a company the “anonymized” personal and non-personal data for better government services.

Per the bill, any information that could aid in identifying a person and possesses characteristics, traits or any attributes of a person’s identity could be defined as “personal data” and the rest as non-personal.

For the leading tech-organizations, personal or non-personal, the data is valuable. And these new provisions brought out by the bill are issues of major concern.

Reportedly, an official strongly taking the government’s stand mentioned that the “personal data” is as valuable to the society as it is to the tech-companies.

They also mentioned something along the lines of making use of data from cab organizations like “Uber” to comprehend the limitations of Indian public transport and what could be done for its betterment.


There is no specific mention as to what the data shall come in exchange for or any other ensuing rules as to the processes regarding it.

Per the bill, personal data such as biometric details and financial data could be transferred beyond the boundaries of India for processing purposes but must be stored locally.

Allegedly, the media platforms in question could also need to provide a structured procedure for users to “prove their identities” and “display a verification sign publicly”. This could cause major companies to face major technical issues.

Dreading the possibility of furthered compliance costs, the countries across the globe have been pushing their agencies to go against such rules.

Per reports, these fresh exceptions that the bill makes available for the government could be alarming for India’s privacy situation which isn’t as strong as all that.

The bill that shall soon be presented in the parliament will definitely not be passed in this session and only after further voting and discussion should any results be declared.

ICQ and Signal are the most secure messengers in Russia, says Vladimir Zykov


Vladimir Zykov believes that ICQ messenger is safer than WhatsApp, but this does not solve the problems. iOS and Android operating systems contain many vulnerabilities that are exploited by hackers.

Choosing a messenger for use, Russians are guided mainly by the advice of friends and their own feelings, said Vladimir Zykov, head of the Association of Professional Network Users and Messengers. The expert is sure that ICQ and Signal messengers are the safest in Russia. But few people use them.

In General, any messenger for a smartphone does not guarantee absolute security, because a vulnerable operating system controls the messenger.

"But if you choose secure mobile software, then the probability of hacking, of course, decreases," said the expert.

According to the expert, the situation is due to the fact that most applications run on mobile devices running the operating systems iOS and Android, developed by American companies Apple and Google. Therefore, they have access to Russian accounts.

"That is, in fact, their owners can connect to your phone and calmly watch from the screen everything that you have there," said he.

Earlier, the creator of Telegram and VKontakte Pavel Durov sharply criticized Facebook. The entrepreneur is unhappy with the protection of information in the WhatsApp messenger.
According to Durov, the application is a kind of Trojan that are not connected in any way with the messenger. This is due to the policy of the American company, which deliberately leaves security vulnerabilities.

WhatsApp, at the same time, is one of the most common messengers among Russians. In addition to it, the Viber application is popular. However, as experts say, these services do not really have high security.

Pavel Durov, the founder of Telegram advised users to remove WhatsApp from smartphones


The Creator of Telegram messenger Pavel Durov called WhatsApp application unsafe.
He recalled a recently discovered vulnerability that allowed hackers and government intelligence agencies to access user data.

"WhatsApp not only does not protect your messages, but this app is also constantly being used as a Trojan to track photos and messages unrelated to Messenger," wrote he on the Telegram channel.
According to Durov, the problem lies in the policy of Facebook, which owns WhatsApp.
Durov noted that his Telegram messenger did not encounter such vulnerabilities in six years of existence. At the same time, he doubted that WhatsApp makes mistakes in the security system due to system imperfections.

"It is very unlikely that someone can accidentally allow serious security failures, such convenient for surveillance, on a regular basis," said he.Therefore, Durov urged users to delete WhatsApp.

In addition, Durov claimed that WhatsApp, like Facebook, shared user information with almost everyone who claimed to be working for the government.

The words of the Creator of Telegram were commented by experts. Thus, the CEO of Digital platforms Arseny Shcheltsin noted that any messenger, including Telegram, has access to the files of the smartphone.

"Does the messenger use this data for its work? It's hard to say," said he.According to Shcheltsin, WhatsApp is trying to demonstrate its usefulness to investors and recoup millions of dollars in costs. And Mark Zuckerberg can consider data collection is an excellent format for the best advertising targeting.

Arseniy Poyarkov, a member of the State Duma’s expert council on the digital economy, advised users of Messengers to prepare in advance for the fact that their personal data can become available to anyone.

According to him, data leaks are almost always associated with careless actions of the user himself.
"Observing information hygiene: using VPN, foreign secure messengers, regularly deleting correspondence and unnecessary photos - you can feel safe with a high degree of confidence," concluded Poyarkov.

New Bug that hacks WhatsApp and makes DoS Attacks through crafted MP4 Files


A latest risky threat has been identified in both Android/iOS devices' WhatsApp version. The bug allows hackers to transmit tampered MP4 folders to WhatsApp users, which enables the Dos and Remote Code Execution Attack. Whatsapp is one of the most popular social media apps in the world, with billions of Android and ios users. The threat is categorized as a “Risky” vulnerability that struck a remote code block of MP4 files in the Whatsapp database. The bug exploits the user's device and manipulates a piece of information to hit the memory of WhatsApp Messenger.



The vulnerability allows hackers to use the bug on the user’s smartphone to take important data and also allows surveillance of user activity. “The bug can activate a stack-based buffer in the user's Whatsapp account by transmitting tampered MP4 folders. The problem was already breaking down the primary metadata of the MP4 files. This could lead to an RCE or DoS attack," says the Facebook advisory board on behalf of WhatsApp.

About RCE Vulnerability- 

In an RCE hack, attackers purposely misuse a primitive code performance vulnerability to run the virus. RCE can have harmful results on a network—by urging the affected system to execute code performance, the attacker can conduct his performing. The threat also enables hackers to execute the attack without any kind of verification. Known as CVE-2019-11931, the vulnerability can be tracked using the same. It is not the first time that such an attack has occurred on Whatsapp, another similar RCE attack was discovered last month that allowed hackers to steal files from users' WhatsApp account using wicked Gifs.

As of now, no factual details about the vulnerability are available. The experts are still inquiring about the issue. "No proof was found for the vulnerability that caused the exploit," said Whatsapp spokesperson to GBHackers. He further says, “WhatsApp is steadily striving to upgrade the safety of our assistance. We give open statements on possible problems that we have solved steadily with management friendly manners. In this case, there is no evidence to assume users were affected.”

NSO's Spyware Pegasus Taking Control of Mobile Devices through Apps


NSO's spyware Pegasus has been revealed to assume control for mobile devices through various apps; this is a matter of grave concern as cybersecurity firms have in the past also discovered the Pegasus software to exist in both the Apple and Android operating systems.

While WhatsApp said the number of infected users may go up from the present gauge of 1,400, as more users come forward with this issue, Newswire Reuters even reported citing to sources familiar with WhatsApp's internal investigation that the snooping may also include prominent government and military authorities in about 20 nations, aside from activists and journalists.

Raman Jit Singh Chima, Asia Policy Director, and Senior International Counsel at open internet advocacy group Access Now says that “Surveillance tech firms such as NSO and others market these capabilities with the intent of allowing their clients to hack and surveil all of the everyday smartphone activity of the targeted victim.”

He further included this may also include services, like Gmail, iMessage, Facebook, and Viber.

NSO's utilization of malware to control Apple devices is said to have been first discovered in 2016, and Apple along these lines had even released software upgrades in September 2016 after it found that hackers could have accessed its devices by making a victim click on a link and it was then speculated that Pegasus spyware could have been installed by misusing vulnerabilities in its software.

University of Toronto-based Citizen Lab, which aided WhatsApp in its investigation for the aforementioned issue, said in a 2018 report that Pegasus seems, by all accounts, to be being used by nations with 'dubious' human rights records and histories of harsh conduct by state security administrations.

This includes India too, as one NSO administrator named the Ganges is said to have been operated in India and was discovered by Citizen Lab. Most recently WhatsApp stresses the fact that the number of users affected may go up later on particularly in India because of the total absence of any surveillance reform or data protection laws.

End of Facebook encrypted messaging?


The United States, United Kingdom and Australia, in an open letter, dated 4 October urged Facebook to create backdoors into its encrypted messaging apps to grant law enforcers faster access to private messages. This would help the government to tackle child abuse, terrorism and organized crimes.

The open letter was signed by UK home secretary Priti Patel, the US Attorney General William Barr, Acting US Homeland Security Secretary Kevin McAleenan and the Australian minister for Home Affairs Peter Dutton on the grounds that cross-platform messaging encryption threatens public safety. It also aligns with UK and US’s agreement of “world-first” data access that will make cross border access to data easier and faster.

Earlier this process took from six months to a year however this agreement will speed up the process by weeks to even days as it will permit law enforcers to demand data directly from the company without asking the country’s government first.

Head of online child safety at the NSPCC Tony Stower said, “The landmark agreement between the US and UK on accessing data will radically reduce the time it takes for police to get hold of the data they need from tech giants to bring offenders to justice.
"It should be a hugely important step forward in tackling online child abuse - if tech giants play their part too."

What is End to End Encryption?

In End to End Encryption, the key to access the message is only with the sender and the recipient, even the platform can’t access the content. And, to access the content the platform needs to add backdoors that they themselves and government can access.

Facebook owned, WhatsApp already has end to end encryption and in March 2019, following the data scandal and Facebook's incompetence to protect its user’s data, Mark Zuckerberg announced plans to incorporate this encryption in messenger and Instagram.

With this open letter the governments of US, UK and Australia are pressuring Facebook to pause its plans of encrypting all messages. To which Facebook stand in opposition saying "people have the right to have a private conversation online." Facebook states that it is "consulting closely with child safety experts, governments and technology companies and devoting new teams and sophisticated technology" to keep people safe.

Privacy or Public Safety 

The letter chiefly focuses on child abuse and exploitation, considering the risk of easy access to offenders and criminals with encryption. In 2018, Facebook reported 16 million child-exploitation tips last year, Deputy Attorney General Jeffrey Rosen said.

FBI Director Christopher Wray said that Facebook’s proposal to encrypt its popular messaging program would turn the platform into a “dream come true for predators and child pornographers.” (Sc Reuters)

The letter supports encryption but with backdoors that grants government “a means for lawful access to the content of communications”

Facebook spokesperson said “We believe people have the right to have a private conversation online, wherever they are in the world. Ahead of our plans to bring more security and privacy to our messaging apps, we are consulting closely with child safety experts, governments and technology companies and devoting new teams and sophisticated technology so we can use all the information available to us to help keep people safe.”

Electronic Frontier Foundation (EFF) called the letter “ an all-out attack on encryption” and the organization cautioned that such measures could pose a risk to journalist and activists and could be used by “authoritarian regimes... to spy on dissidents in the name of combating terrorism or civil unrest.” (Sc Forbes)

WhatsApp’s Bug Leaves Private Chats Compromised?




Security researchers allegedly dug up some bug which apparently lets hackers access private chats and impacts user security heavily.

Per sources, WhatsApp immediately shunned the reports and hinted that it was absolutely preposterous to even think that WhatsApp would harm its users in such a way.

The people behind the massively successful messaging application are always keen on advising users on updating and following every security measure.

iOS users are especially advised to be cautious of this bug specifically when they’re surfing unknown websites. They are suggested to securely click on websites.

Users per usual are strongly advised to update their devices to the latest, download anti-virus apps and software and keep the security on high alert.

Per the source reports, allegedly, the hacked messages from the WhatsApp chats are floated on other servers.

Users should steer clear of unauthorized websites for the sake of their safety.


Flaw in WhatsApp could allow hackers alter messages







A cybersecurity firm has unearthed flaws in the messaging app WhatsApp that could let hackers alter users messages and change the texts.

Israeli-based cybersecurity firm Check Point Research (CPR) discovered the flaw, which could be exploited in three ways,  and warned that 'malicious actors' could easily use the glitch to spread misinformation and fake news.

 The experts detailed their findings at the Black Hat cyber-security conference in Las Vegas, which was attended by many other cybersecurity experts.

They screened a video in support of their findings. The video showed how swiftly a message can be manipulated.

The team claim that they notified Facebook about the issue last year, but they did not heed to their claims, as a result, it is yet to be resolved. 

In a written statement released by the CPR's site, the company said: 'Towards the end of 2018, Check Point Research notified WhatsApp about new vulnerabilities in the popular messaging application that would enable threat actors to intercept and manipulate messages sent in both private and group conversations, giving attackers the power to create and spread misinformation from what appear to be trusted sources.

'We believe these vulnerabilities to be of the utmost importance and require attention.' 
However, WhatsApp spokesman declined to comment.



Facebook to rename WhatsApp and Instagram






Facebook is planning to rename its two social media platform WhatsApp and Instagram as “WhatsApp from Facebook” and “Instagram from Facebook” respectively.

It came as a shock, as many users still doesn’t know that Facebook own these popular apps.

 Till now, the company allowed both the companies to operate as independent brands. They have their own managers, employess, and even sepearate work places. 

However, in recent times, Facebook has taken steps to make WhatsApp and Instagram less independent. 

“We want to be clearer about the products and services that are part of Facebook,” a spokeswoman, Bertie Thomson of the company said.

According to the report, the new name will be displayed only on the app store pages on both Android and iOS. The new names will also be visible on the login pages. 




Israeli spyware firm NSO can mine data from social media accounts









An Israeli spyware firm has claimed that they can scoop  user data from the world’s top social media, the Financial Times report. 

The powerful malware Pegasus from NSO Group is the same spyware that breached WhatsApp data earlier this year. 

The firm said that this time their malware can scrap data from the servers of Apple, Google, Amazon, Facebook, and Microsoft. 

According to the reports of the Times, the NSO group had “told buyers its technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon and Microsoft, according to people familiar with its sales pitch”.

However, the companies spokesperson denied the allegation in a in written statement to AFP’s request for comment. 
“There is a fundamental misunderstanding of NSO, its services and technology,” it said.

“NSO’s products do not provide the type of collection capabilities and access to cloud applications, services, or infrastructure as listed and suggested in today’s FT article.”

In the mean time, Amazon and Google told AFP that they have started an investigation on the basis of report, but so far found no evidence that the software had breached their systems or customer accounts.




WhatsApp, Telegram Data Stored on Phones is Vulnerable to Cyber Attacks



The data saved by users onto their devices through social messaging apps, Whatsapp and Telegram is vulnerable to cyber attacks and can be exploited by malware with access to external storage, as per the security researchers at Symantec.

End-to-end encryption prevents user data from being read or secretly modified, it led users into believing that their communication is highly secured and their conversations are protected against being accessed by third-party apps. However, the findings at Symantec have made users reconsider the whole idea of data protection via encryption.

The media exchanged on WhatsApp and Telegram gets stored in either of the two storages, external or internal. Now, if the data is stored in the victim's external storage and the malware enters his mobile device, it is configured to gain easy access to these saved files and exploit it subsequently. Moreover, the malware can acquire access to this data even prior to the users, according to The Verge.

After examining the issue, WhatsApp released statements telling that the corresponding updates are under progress with Android's ongoing development.

Referencing from the statements given by a WhatsApp spokesperson, “WhatsApp has looked closely at this issue and it’s similar to previous questions about mobile device storage impacting the app ecosystem. WhatsApp follows current best practices provided by operating systems for media storage and looks forward to providing updates in line with Android’s ongoing development,”

"WhatsApp follows guidelines from Android including: 'You should use external storage for user data that should be accessible to other apps and saved even if the user uninstalls your app, such as captured photos or downloaded files.' We store files in the same manner as other messaging apps (like Viber), email (like Gmail), and file storage apps (like Dropbox)," he added.

Commenting on the upcoming Android update, he informed, "The suggested changes here could both create privacy complications for our users and limit how photos and files could be shared."

Fake Messages on WhatsApp Asks the Users to Pay Money in Order to Continue Using the App




WhatsApp, Facebook, and Instagram suffered a social media outage on 3rd July which affected the users all across the world. As a consequence of the outage, users were not able to access the platforms properly and certain features became dysfunctional. During the outage, a lot of people in India got messages on their WhatsApp telling that the app is down due to over usage and it would be off from 11:30 PM to 6:00 AM every day. The message also asked users to forward the text message to their contacts in order to continue using the app service otherwise their account would be made inaccessible and the app services will no longer be free of charge for them.

The fake message which was circulated on WhatsApp is as follows:

“What's app will b off From 11.30pm to 6:00 am daily Declared by central govt. Message from Narendra Modi (PM) we have had an over usage of user names on WhatsApp Messenger. We are requesting all users to forward this message to their entire contact list. If you do not forward this message, we will take it as your account is invalid and it will be deleted within the next 48 hours. DO NOT ignore my words or whatsapp will no longer recognise your activation. If you wish to re-activate your account after it has been deleted, a charge of 499.00 will be added to your monthly bill. We are also aware of the issue involving the pictures updates not showing. We are working diligently at fixing this problem and it will be up and running as soon as possible. Thank you for your cooperation from the modi team. WhatsApp is going to cost you money soon. The only way that it will stay free is if you are a frequent user i.e. you have at least 50 people you are chatting with. To become a frequent user send this message to 10 people who receive it (2 ticks) and your WhatsApp logo will change color. send this to 8 people to activate the new whatsapp..
Saturday morning whatsapp will become chargeable. If you have at least 10 contacts send them this message. In this way, we will see that you are an avid user and your logo will become blue and will remain free. (As discussed in the paper today. Whatsapp will cost 0.01€ per message. Send this message to 10 people. When you do the light will turn blue otherwise whatsapp will activate billing. ITS TRUE ...... U get blue TICKS"

Likewise, another fake message claimed that WhatsApp has been sold off to Mukesh Ambani and asks users to forward the message to 10 people in order to activate the new WhatsApp along with Facebook services.

The entire message read:
"Dont ignore please read it carefully" Hello, I. Am VARUN PULYANI director of whatsapp, this message is to inform all of our users that we have sold whatsapp to Mukesh Ambani . Reliance for 19 billion $. WhatsApp is now controlled by mukesh Ambani . If you have at least 10 contacts send this sms and logo of your whatsapp will change to a new icon with facebook's "f" within 24 hours.Forward this message to more than 10 people to activate your new whatsapp with Facebook services or else your account will be deleted from new servers.
This is the final notice! Hello everyone, it seems that all the warnings were real, the use of WhatsApp cost money from November 2017. If you send this string to 18 different on your list, your icon will be blue and will be free for you. If you do not believe me see tomorrow at 6 pm ending WhatsApp and have to pay to open it, this is by law This message is to inform all of our users, our servers have recently been very congested, so we are asking you to help us solve this problem. We require our active users to forward this message to each of the people in your contact list to confirm our active users using WhatsApp, if you do not send this message to all your contacts WhatsApp will then start to charge you. Your account will remain inactive with the consequence of losing all your contacts. Message from Jim Balsamic (CEO of Whatsapp ) we have had an over usage of user names on whatsapp Messenger. We are requesting all users to forward this message to their entire contact list. If you do not forward this message, we will take it as your account is invalid and it will be deleted within the next 48 hours. Please DO NOT ignore this message or whatsapp will no longer recognise your activation. If you wish to re-activate your account after it has been deleted, a charge of 25.00 will be added to your monthly bill. We are also aware of the issue involving the pictures updates not showing. We are working diligently at fixing this problem and it will be up and running as soon as possible. Thank you for your cooperation from the Whatsapp team”

Users are advised to not believe such fake messages and avoid spreading the misinformation further by forwarding it to other users.



Global outage affecting Facebook, Instagram, and WhatsApp around the world







Social media services owned by Facebook were down for several hours for users around the world. The outage was affecting the entire ‘family of apps.’
Facebook, Instagram, and WhatsApp faced the outage from the early Morning on Wednesday, some users reported issues in uploading and downloading the images, video and audio files, while some of them faced difficulties in the News Feed. 

Facebook acknowledged the technical glitch and tweeted from their global Twitter handle stating that “We're aware that some people are having trouble uploading or sending images, videos or other files on our apps. We're sorry for the trouble and are working to get things back to normal as quickly as possible." 

The outage affected users across Asia, Europe, USA, and Africa. 

Users vented out their frustration against the three social media website on their Twitter accounts with the hashtags #instagramdown, #facebookdown and #whatsappdown, all of these hashtags were top trends on the site across the world. 

Instagram was forced to issue its own statement on Twitter. "We're sorry for the trouble and are working to get things back to normal as quickly as possible" Instagram tweeted.


Indian Government asks WhatsApp to fingerprint messages









The government of India has asked the instant messaging app WhatsApp to digitally fingerprint every message which is sent on its platform, to ensure traceability of all content. 

According to two senior government officials, WhatsApp should keep a track off a message, from where it originated, how many people read it and how many forwarded it. 

“Fingerprinting WhatsApp messages will help find the originator of the message. That is all we want,” the official said.

“We don’t want to read the messages but when we see a problematic message we should be able to go to WhatsApp to help us trace the sender,” the official further added. “They have to find a way, it is technically possible.”

After several public unrests over message forward, in December last year, the government of India has amended the Information Technology Act, which made traceability of messages compulsory for all internet platforms. 

"It is not acceptable that no one can trace any message. Somebody should be able to trace some messages sometimes. We have reached the limit of anonymity on the internet and that has to go," said official. 

However, WhatsApp declined to comment on the development.


Facebook to launch a new digital cryptocurrency





Social media giant Facebook is set to roll out a new digital cryptocurrency, Libra, next year, which would let users’ buy things as well as send money to people without any process fees. 

People would be able to make payments with the currency via    third-party wallet apps or Facebook’s own Calibra wallet that will be built into WhatsApp, Messenger and its own app. 

It is said that firms such as Uber and Visa will accept it in future.

From next year, Facebook users’ will be able to buy Libra from its platforms and then it will be stored in a digital wallet called Calibra.

The user can make payments and send money to other  users, and this whole process would instant and as easy as texting. 

"In time, we hope to offer additional services for people and businesses, such as paying bills with the push of a button, buying a cup of coffee with the scan of a code, or riding your local public transit without needing to carry cash or a metro pass,” it said. 

However, there is a big concern over how users’ money and data will be protected. 

The firm stressed that Libra would not be managed solely by the Facebook, but it would be independent, and run by a group of companies and charities- called the Libra Association.

Group of companies that are likely to accept Libra, includes
  • Payments firms such as Mastercard and PayPal
  • Digital businesses including eBay, Spotify and Uber
  • Telecoms firms such as Vodafone
  • And charities such as the microfinance group Women's World Banking.


Manipur Engineer Enters Facebook’s “Hall Of Fame 2019” By Discovering a Privacy Breach Bug



Zonel Sougaijam, a 22-year-old civil engineer, was recently honoured by Facebook for discovering a WhatsApp bug that violated the privacy of a user.

Mr. Sougaijam told PTI, in the wake of discovering the bug, that he had reported the issue to the Bug Bounty Program of the Facebook, which manages infringement of privacy matters, in March.

“During a voice call through WhatsApp, the bug used to allow the caller to upgrade it to a video call without the authorisation and knowledge of the receiver. The caller was then able to see what the other person was doing, violating the privacy of the receiver,” he said.

Zonel Sougaijam, the 22-year-old civil engineer

His report was hence acknowledged by the Facebook Security Team the immediate next day and its technical department fixed the bug under 15-20 days. The social media giant then proceeded to award him with a bounty of $5000 at the same time incorporating him in the 'Facebook Hall of Fame 2019', for detecting the WhatsApp bug.

Sougaijam's name is right now at the 16th position in a rundown of 94 people, in the 'Facebook Hall of Fame' for the current year.

Facebook had obtained Instagram in 2012 and WhatsApp in 2014. The organization has been entangled in data privacy concerns and political ramifications of its calculations throughout the most recent couple of years.


All it takes a WhatsApp call for the spyware to enter your phone


It’s been a day of high-profile security incidents. First there was news the popular WhatsApp messenger app was hacked. Updated versions of WhatsApp have been released, which you should install if you’re one of the more than one billion people who use the app.

WhatsApp has confirmed that a security flaw in the app let attackers install spy software on their targets' smartphones. The spyware install on a host phone via a WhatsApp call. The spyware deletes all WhatsApp call logs to become untraceable.

On Wednesday, chip-maker Intel confirmed that new problems discovered with some of its processors could reveal secret information to attacks.

What's scary about this spyware is that it can slip on any WhatsApp users' smartphone without giving the slightest clue that their devices have been infected. All it takes is a WhatsApp call.

The WhatsApp news was revealed first by the Financial Times, which says the bug was used in an attempt to access content on the phone of a UK-based human rights lawyer.

That has left many of its 1.5 billion users wondering how safe the "simple and secure" messaging app really is. How trustworthy are apps and devices?

No. Messages on WhatsApp are end-to-end encrypted, meaning they are scrambled when they leave the sender's device. The messages can be decrypted by the recipient's device only.

WhatsApp is arguably one of the most popular social messaging apps in the world. In the recent times, the Facebook-owned social messaging app has been under fire owing to the rampant spread of misinformation on its platform. But never has the app been under seige by a malware. That is until now.

WhatsApp has rolled out an update to its servers. It has also rolled out a security patch on to its Android and iOS apps to safeguard your phone data. Software patches have been released by several vendors, including Microsoft. You should install security updates from vendors promptly, including these.

Targeted Surveillance Attack on Whatsapp





The Facebook owned entity was recently a target of the hackers who had the option to remotely install surveillance softwares on phones and different devices utilizing a rather major vulnerability in the messaging app.

The attack incorporated of attackers utilizing WhatsApp's voice calling function to ring a target's device and regardless of whether the call was not received or not, the surveillance software could be installed. As per the Financial Times report which also speculates that the surveillance software included was created by an Israeli firm NSO Group, the call would frequently disappear from the device’s call log.

WhatsApp told the BBC its security team was the first to recognize the flaw. It imparted that info with human rights groups, chose the security vendors and the US Department of Justice prior this month.

"The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” the company said on Monday in a briefing document note for journalists.

WhatsApp said it was too soon to realize what number of users had been affected by the vulnerability, in spite of the fact that it included that the suspected attacks were exceptionally focused on. As indicated by the New York Times, one of the general populations targeted on was a London-based lawyer associated with a claim against the NSO Group.

Although a fix was “rolled out “on Friday, on Monday, WhatsApp requested the majority of its 1.5 billion users to update their applications as an additional precautionary measure.

How to update WhatsApp?

Android
  1. Open the Google Play store
  2. Tap the menu at the top left of the screen
  3. Tap My Apps & Games
  4. If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open
  5. If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version
  6. The latest version of WhatsApp on Android is 2.19.134

iOS
  1. Open the App Store
  2. At the bottom of the screen, tap Updates
  3. If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open
  4. If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version
  5. The latest version of WhatsApp on iOS is 2.19.51


WhatsApp vulnerability let attackers install Israeli Spyware on phones





A new vulnerability discovered in the WhatsApp allowed attackers install a malicious code on iPhones and Android phones by ringing up a target device.

“A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number,” WhatsApp said. 

The company discovered the vulnerability and later issued a security patch, although till now, it is not known how many people have been affected by this. 

According to the reports, the attackers targeted the device by just placing a call, even if you didn’t answered a call, the malicious code could be transmitted to your phone and a log of the call often disappeared. 

WhatsApp is urging all its users to upgrade their app after it released a software update yesterday. 

'We believe a select number of users were targeted through this vulnerability by an advanced cyber actor,' WhatsApp told the Financial Times.

'This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.

As per the Financial Times reports, the spyware was developed by NSO Group, an Israeli cybersecurity and intelligence company.


Facebook to redesign Messenger, WhatsApp, and Instagram



Facebook is coming up with a series of changes to all its social media networks including Instagram and Whatsapp.

According to its boss Mark Zuckerberg the new designs and features will focus on privacy first. The company decided to change its apps after facing widespread criticism for handling users data.

"We don’t exactly have the strongest reputation on privacy right now, to put it lightly," Zuckerberg said.

Here is list of changes in the app:

  • All the messages sent via Messenger will be end-to-end encrypted by default, and the platform will be fully integrated with WhatsApp
  • Instagram will hide like counts, but not the account owner
  • A WhatsApp secure payment service would be introduced in other countries later this year.
  • The Facebook app is being redesigned to make community groups central to the newsfeed - and the distinctive blue branding is going. The redesign is rolling out in the US and then more widely straight away.
  • Users will be able to post text, stickers or drawings on their Instagram post rather than starting it with a photo or a video. 

Other than this, Facebook has introduced a new feature called Secret Crush, which is a part of Facebook Dating. This feature will let Facebook members to tag up to nine of their crushes. 

If the recipient of the crush is also using the feature and nominates them as well, then both parties will receive a message to say they have matched.

Facebook Dating will roll out in 14 new countries, but will not be available in Europe or the US.