Pardon The Intrusion #35: WhatsApp’s Messaging Mess


Welcome to the latest edition of Pardon The Intrusion, TNW’s bi-weekly newsletter in which we explore the wild world of security.

Well, that escalated quickly.

After notifying users of a privacy policy change earlier this month and setting off a storm, WhatsApp has pulled back, for now.

The in-app alert on January 6th asked users to agree to the new terms of use, which give the app the right to share some personal data such as phone number and location with Facebook. Users who did not agree to the revised policy by February 8th were advised that they would lose access to the service entirely.

The announcement created so much confusion about the data sharing agreement that WhatsApp has decided to postpone enforcement until May 15, a three-month delay which it hopes will “clear up the misinformation”.

The Facebook-owned company has since made it clear that the update does not expand its ability to share personal user chats or other profile information with Facebook, but merely provides more visibility into how user data is collected and shared when the messaging app is used to interact with companies.

Intentional or not, this “all-or-nothing” approach failed and resulted in an increase in registrations for competing messaging apps like Signal and Telegram.

The Indian Ministry of Technology also hit out at WhatsApp and asked Facebook to withdraw the update, saying, “The proposed changes raise serious concerns about the implications for the election and autonomy of Indian citizens.”

India is WhatsApp’s largest market with more than 400 million active users.

If anything, the development only serves to highlight the urgent need for more countries to adopt European GDPR-like data protection regulations that explicitly state how data from users is collected, processed and shared with other parties.

What’s trending in security?

Google researchers detailed a sophisticated hacking operation that exploited vulnerabilities in Chrome and Windows to install malware on Android and Windows devices, a Muslim prayer app called Salaat First was found selling location data to Predicio, and Amazon’s Ring begins testing end-to-end video encryption.

  • Internet of Things or Internet of shit? A hacker locked internet-connected chastity cages made by Qiui and demanded ransom from its users. [Vice Motherboard]
  • Google researchers have described an elaborate hacking operation that exploited security holes in Chrome and Windows to install malware on Android and Windows devices. All of them had been fixed as of April 2020. [Google Project Zero]
  • The whistleblower website DDoSecrets “provided approximately 1 terabyte of this data, including more than 750,000 emails, photos and documents from five companies.” The company information was collected from dark web sites after being leaked by ransomware operators. [WIRED]
  • According to researchers at Johns Hopkins University, Android and iOS do not extend encryption protection as much as possible, creating potentially unnecessary security vulnerabilities. [WIRED / Data Security on Mobile Devices]

  • While Amazon-owned Ring is testing end-to-end video encryption, it also fixed a vulnerability in the Neighbors app that was showing the exact locations and home addresses of the users who posted to the app. [TechCrunch]
  • A popular Muslim prayer app called Salaat First was found to be selling location data to Predicio, which is affiliated with a U.S. contractor that works with Immigration and Customs Enforcement (ICE). The incident shows not only how apps collect location data, but also the ease with which that information is traded in the location data industry. [Vice Motherboard]
  • Before Parler was banned from all platforms, it turned out that a hacker had succeeded in scraping 99% of the posts from the “free speech” social network. But how did she do it? It all came down to “deep coding and security practices.” [Ars Technica / WIRED]
  • Microsoft is planning to fix a bizarre Windows 10 bug that could damage a hard drive by just showing an icon. [Bleeping Computer]

  • The Ryuk ransomware operators are believed to have made more than $150 million worth of Bitcoin in ransom payments from hacking companies around the world. The payments were made from 61 deposit addresses. [Advanced Intelligence]
  • American personal information is being sold on dark web marketplaces at the cheapest prices ($8 per record), according to an analysis of stolen information on 40 different dark web marketplaces. Japan and the UAE have the most expensive identities, averaging $25. [Comparitech]
  • The last 14 days of data breaches, leaks and ransomware: European Medicines Agency, Nitro PDF, Pixlr, Scottish Environmental Protection Agency, Ubiquiti, and the United Nations.

Data point

Ransomware is now responsible for 46% of health data breaches, new research from Durable has found. What’s more, over 35% of all breaches involve ransomware attacks, often with financial costs.

According to cybersecurity firm Emsisoft’s ‘State of the ransomware’ report, in 2020 alone, 113 federal, state and local governments and authorities, 560 health facilities and 1,681 schools, colleges and universities were affected.

“While companies can never completely rule out the possibility of human error, they can design their networks in such a way that they do not collapse like houses of cards when these errors occur,” said Emsisoft researchers.
