Tag Archives: WhatsApp

UK Demands Encryption Backdoor As London Terrorist Used WhatsApp Before the Attack

The government has once again started asking for backdoor in encrypted services, arguing that it can not give enough security to its citizens because the terrorists are using encrypted apps to communicate and plot an attack.

Following last week’s terrorist attack in London, the UK government is accusing technology firms to give terrorists “a place to hide,” saying Intelligence agencies must

WhatsApp, message encryption and national security

Is Whatsapp the perfect communication channel for terrorists?

The devastating terrorist attack that took place in London last week has brought grief to the UK and the rest of the world. The police that investigation into the incident has raised a number of questions, that could have far-reaching consequences.

WhatsApp and messaging encryption hits the headlines

The discovery that terrorist Khalid Masood had been using the messaging app WhatsApp shortly before the attack presents police with a problem. WhatsApp uses a technology called end-to-end encryption to encode text messages.

This encryption is intended to protect messages from being intercepted by hackers and cybercriminals. If a text is intercepted, it cannot be read without the decryption key – and only the authorised sender has that key. The text is completely garbage without decryption.

Unfortunately this also means that legal investigators cannot access those texts either – the data is completely inaccessible without access to Masood’s phone. Which means that the police may be missing vital evidence of other terrorist activities because the texts are encrypted.

UK government criticises encryption

Speaking in the media, UK Home Secretary Amber Rudd has criticised the use of end-to-end encryption, calling it “completely unacceptable”. She even went as far as suggesting that these encrypted messaging apps are “places for terrorists to hide”.

Ms Rudd’s main concern is that traditional surveillance techniques used to prevent terrorism and crime simply do not work in the age of complex encryption. As such, police and intelligence services are limited in what they can do to keep people safe.

A difficult issue globally

The London terror attack is not the first time security services have run into problems. The FBI has run into similar problems in the US too, unable to access encrypted smartphones belonging to criminals.

Service providers like Apple, Google and Facebook have complied with requests to access data in the past, but in the case of WhatsApp, they remain powerless to act. All encryption keys are specific to the phone owner – services providers like WhatsApp do not store copies, so even they cannot read messages.

Clearly there is no easy answer

.
For the majority of people, encryption is a vital tool to protecting their sensitive personal data. However criminals will exploit that anonymity – placing lives in danger in the process.

In future we may see WhatsApp and other messaging providers being forced by governments to create a “backdoor” in their apps that allows for proper surveillance. Although useful for the intelligence services, this approach could also be exploited by hackers, immediately weakening security of law-abiding citizens too.

How this situation will be resolved remains to be seen. But it could be that your favourite messaging app will undergo major changes security-wise in the near future.

The post WhatsApp, message encryption and national security appeared first on Panda Security Mediacenter.

Confide Updates App After Critical Security Issues Are Raised

The makers of the popular messaging app Confide said Wednesday it has patched multiple security vulnerabilities that could have allowed hackers to intercept messages sent using its secure end-to-end messaging platform.

4 Cybersecurity Risks We’ll Face With WhatsApp Status

http://www.pandasecurity.com/mediacenter/src/uploads/2017/02/pandasecurity-MC-whatsapp-status-300×225.jpg

WhatsApp –the Facebook-owned giant that really needs no introduction– is seemingly on a mission for world domination, this time, taking on Snapchat.

The instant messaging company’s new WhatsApp Status feature will allow users to privately share edited photos, videos and GIFs, with their contacts, that will disappear after 24 hours.

It’s not the first Facebook-led Snapchat Stories copycat, but it’s perhaps the most ambitious. WhatsApp, with over a billion users, have really taken on the competition here.

One of the interesting points that Whatsapp have always made sure to emphasize in their blog is the “security by default” principle which will be upheld by Stories.

In the Status feature statement, Jan Koum has said “yes, even your status updates are end-to-end encrypted.

But Is It Really As Safe As They Say?

Hervé Lambert, Retail Global Consumer Operations Manager at Panda Security says that the use of Whatsapp Status is still not risk-free:

After having carried out various studies on the behavior of people on social media, we’ve detected a few potential risks that all users of this new version of WhatsApp Status should recognize.

Your Status Will Be “Public” By Default

The default setting on WhatsApp Status will be set to public. All of your statuses will be visible to any contact you have on your phone. To some, this may entail a real invasion of privacy as most people hand out their phone number much more readily than they accept someone on social media. Think of the amount of work acquaintances or casual contacts that will have access to potentially private posts.

We have to take into consideration that we can’t tell certain details of our private lives to all our contacts. We don’t know what these people could do with this information,” adds Hervé Lambert.

Hackers Can Breach WhatsApp’s Vulnerabilities

WhatsApp certainly prides itself on being a secure app with its end-to-end encryption, and rightly so. However, the fact that it boasts millions of users still makes it a target for hackers who seek to carry out cyber attacks on large amounts of people. For these attackers, it’s a probability game; the more users they try to attack the more likely they will succeed.

Apple’s, iOS Messenger, has recently been exposed by cybersecurity experts. Though the vulnerability in that app is by no means a cause for great concern in itself, it shows that encrypted messaging apps are not impenetrable.

Ransomware

Who are these types of features usually aimed at? It’s possible that Whatsapp Status could be a ploy to encourage less tech-savvy users to cross over to more involving social media, like Facebook itself, after having tried out the new Whatsapp feature for the first time.

However, it’s safe to say that features like Status, Snapchat Stories and Instagram Stories are most popular amongst young kids who enjoy the ability to post weird and wonderful images that won’t be saved on a profile indefinitely.

Unfortunately, young people are also perhaps the most vulnerable to ransomware attacks.

The very fact that the posted statuses are less permanent leads some young people to post photos or videos that are more risqué in nature. Cybercriminals look for this kind of content online to lead vulnerable young people into paying a ransom, or carrying out undesired actions if they don’t want the content shared with the public. Caution is always advised when posting online.

Pirate “Complementary” Apps

When a new feature comes out like Whatsapp Status, there’s usually a huge buzz, and a frenzied search for new functionalities. This is something that cybercriminals try to take advantage of.

It’s important to be weary of new apps claiming to add functionalities to Whatsapp Status. This is specially the case with apps that “promise” they can bypass important functionalities. With apps like Instagram and Facebook, they usually claim they will allow you to see who’s looked at your profile. With Whatsapp Status it would be unsurprising to see some that claim to allow you to still see photos after the 24 hours have passed.

These apps are largely malicious and they draw people in by claiming to be able to bypass an integral functionality of the app. As you try to use the pirate app it could be loading ransomware onto your device. Don’t be drawn in by desires to byspass main functions of an app.

As the new WhatsApp Status feature is rolled out, more possible risks will likely come to the attention of users and cybersecurity experts. Though WhatsApp is a safe app, relatively speaking, it’s important to be careful what you post online and where. It’s not always completely clear who has access to the data.

The post 4 Cybersecurity Risks We’ll Face With WhatsApp Status appeared first on Panda Security Mediacenter.

Explained — What's Up With the WhatsApp 'Backdoor' Story? Feature or Bug!

What is a backdoor?

By definition: “Backdoor is a feature or defect of a computer system that allows surreptitious unauthorized access to data, ” either the backdoor is in encryption algorithm, a server or in an implementation, and doesn’t matter whether it has previously been used or not.

Yesterday, we published a story based on findings reported by security researcher Tobias Boelter that

WhatsApp Backdoor allows Hackers to Intercept and Read Your Encrypted Messages

Most people believe that end-to-end encryption is the ultimate way to protect your secret communication from snooping, and it does, but it can be intercepted if not implemented correctly.

After introducing “end-to-end encryption by default” last year, WhatsApp has become the world’s largest secure messaging platform with over a billion users worldwide.

But if you think your conversations are

The Worst WhatsApp Scams of 2016

List of the worst WhatsApp scams for the year.

With 2016 coming to an end we wanted to put together a list of the worst WhatsApp scams for the year. As you may remember WhatsApp was acquired by Facebook back in 2014. The promising app which has been making a name for itself in recent years just got its 1 billionth customer. A quick Google search and we find out that there are nearly 2 billion smartphones in the world. With this in mind, we can easily conclude that every 2nd smartphone user in the world has WhatsApp installed on their cell phone.

This automatically gives cyber trouble makers an opportunity of having one more source they could use for tricking you into giving away personal information such as credit card details, social security number or bank details.

Here’s what you need to know to stay out of danger and not fall victim of WhatsApp scams.

Getting you to download an app

Getting a message from an unknown number that allows you a sneak peek into your friends’ WhatsApp conversations. The message may sound something like ‘All WhatsApp messages are now encrypted but this app beats the code. Find out what your best friend and your girlfriend are talking about.’

It may sound hilarious and easy to catch but you would be surprised by the number of people without antivirus protection who fall for this trick.

The Nigerian lawyer

Have you heard of the Nigerian inheritance scam? It is still out there and even in 2016 you may end up laundering money without even knowing it. People who fall for it very often give away their bank details too. It may sound very 2014 but this scam is still going on in 2016.

These guys have now migrated to sending their messages on WhatsApp. And they still send them because people still fall for it. It may be 1 in a hundred that does, or even 1 in a 1000 but people still do. Common sense and antivirus protection would save you from getting scammed.

Craigslist

Without going into details, every seller on Craigslist wishing that you communicate only via WhatsApp is a person not worth doing business with. No, you will not get that cute little labradoodle puppy if you use an archaic money transfer service to send cash to a third world country while communicating solely over WhatsApp.

The Lady from Thailand

The lady claiming to be from Thailand or the Philippines you’ve been chatting with since last month is now asking you to buy and send her the latest iPhone 7. Even though this may sound legit you can’t be sure of who she really is. Drop the chat and report it. Remember that if it is too good to be true, it most likely isn’t. Don’t be cyber prey.

The 60% off

It may be a voucher or just an invitation to fill out a survey that promises you a gift card. It sounds legit as it promises you a little prize at the end of the survey. You directly get a message that qualifies you for a huge discount on remarkably expensive watches or sunglasses.

In both cases the link forwards you to a website where you give away your name, home address, password and possibly credit card number and SSN. All you get in return are $0.20 or $0.14 transactions on your credit card statement followed by huge losses if these phishing transactions don’t get detected by your bank’s fraud department.
You may get a message about you having a voicemail, a message inviting you to download a premium app, an invitation to join a dating site with millions of single people. A website that is so secure that you are required to add your credit details to obtain membership. Just leave these scammers in 2016.

We hope you didn’t fall for any of these scams this year or simply had protection on your device to keep you away from the cyber criminals. Have a wicked 2017!

The post The Worst WhatsApp Scams of 2016 appeared first on Panda Security Mediacenter.