Archive for WhatsApp

WhatsApp Now Supports Apple CarPlay

Posted in Commentary with tags , on January 29, 2018 by itnerd

I noticed something last night when I was out in the car. I had updated to the latest version of WhatsApp earlier in the day which only listed “bug fixes” in the change log. But when I plugged my iPhone into my vehicle, this popped up on CarPlay:

IMG_1197.jpg

WhatsApp had made an appearance in Apple CarPlay. That was kind of a surprise. I got a friend to help me to test it out and I found the following:

  • Siri will notify me when I have received a new WhatsApp message.
  • Siri can read messages.
  • I can now send WhatsApp Messages via Siri and it works the same way as the built in messages app.

This is a big deal as up until now, no other messaging app has ever worked in CarPlay as far as I know. I hope that means that other messaging apps like Skype and the like will make an appearance in CarPlay as well.

Advertisements

WhatsApp May Be Blocked In China

Posted in Commentary with tags , on July 19, 2017 by itnerd

The New York Times is reporting that popular messaging service WhatsApp appears t be blocked in China:

The blocks against WhatsApp originated with the government, according to a person familiar with the situation who declined to be named because they were not authorized to speak on the record about the disruption. Security experts also verified that the partial disruption in WhatsApp started with China’s internet filters.

“According to the analysis that we ran today on WhatsApp’s infrastructure, it seems that the Great Firewall is imposing censorship that selectively targets WhatsApp functionalities,” said Nadim Kobeissi, an applied cryptographer at Symbolic Software, a cryptography research start-up.

This isn’t trivial as WhatsApp has something in the area of 1.2 billion users worldwide. Thus this is going to get a lot of attention. The question is, will the Chinese government care about the blowback from this? We’ll have to watch and see.

WhatsApp & Telegram Flaw Allows Hijacking Of Accounts…. But Don’t Worry…It’s Fixed

Posted in Commentary with tags , on March 16, 2017 by itnerd

A flaw in in the web version of Telegram and WhatsApp has been discovered that via a specially crafted image, allows a hacker to hijack the account. The flaw was discovered by CheckPoint and here’s what you need to know:

The exploitation of this vulnerability starts with the attacker sending an innocent looking file to the victim, which contains malicious code.

The file can be modified to contain attractive content to raise the chances a user will open it. In WhatsApp, once the user clicks to open the image, the malicious file allows the attacker to access the local storage, where user data is stored. In Telegram, the user should click again to open a new tab, in order for the attacker to access local storage. From that point, the attacker can gain full access to the user’s account and account data. The attacker can then send the malicious file to the all victim’s contacts, opening a dangerous door to a potentially widespread attack over the WhatsApp and Telegram networks.

Since messages were encrypted without being validated first, WhatsApp and Telegram were blind to the content, thus making them unable to prevent malicious content from being sent.

For those of you who are more visual, here’s a video of the pwnage in action:

 

The good news is that this is already fixed by both parties. And better yet, the phone app appears not to be affected. Still, I’d advise that users of either web app avoid opening suspicious files and links from unknown users and flush your browser cache every once in a while.

WhatsApp Now Has Two Step Verification

Posted in Commentary with tags on February 10, 2017 by itnerd

WhatsApp is rolling out a two-step verification feature starting today. This feature will allow users to securely verify their number with a custom-generated six-digit passcode whenever they install the app on a new device.

To enable this feature, do the following:

  • Open the app
  • Tap Settings
  • Tap Account
  • Tap Two-step verification
  • Tap Enable

You will then be asked if you want to enter your email address. This is used by WhatsApp to send a link via email to disable two-step verification in case the six-digit passcode is forgotten, and also to help safeguard the account. But to help you remember the passcode, you’ll be asked for it from time to time and you can’t opt out of that.

Security Researchers Call On The Guardian To Retract WhatsApp Story

Posted in Commentary with tags on January 20, 2017 by itnerd

You’ll recall that I posted a story that detailed a story from The Guardian on what it called a “backdoor” in WhatsApp. Some security researchers have called out The Guardian for what they concluded was irresponsible journalism and misleading story. Over three dozen security researchers including Matthew Green and Bruce Schneier (as well as some from companies such as Google, Mozilla, Cloudflare, and EFF) have signed a long editorial post, pointing out where The Guardian’s report fell short, and also asking the publication to retract the story.

So, is this a backdoor or not? The lack of a definitive answer on this leaves users in limbo. Maybe both sides should work together to clear the air on this. And for bonus points, maybe Facebook who owns WhatsApp should get involved as well?

Backdoor Found In WhatsApp End To End Security

Posted in Commentary with tags on January 13, 2017 by itnerd

It seems that those who rely on the fact that popular messaging app WhatsApp appears to have a backdoor that could allow Facebook (who owns WhatsApp) to read messages as well as making it possible for the company to comply with court orders to make messages available to government bodies. Here’s what The Guardian reports:

The security backdoor was discovered by Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley. He told the Guardian: “If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys.”

The backdoor is not inherent to the Signal protocol. Open Whisper Systems’ messaging app, Signal, the app used and recommended by whistleblower Edward Snowden, does not suffer from the same vulnerability. If a recipient changes the security key while offline, for instance, a sent message will fail to be delivered and the sender will be notified of the change in security keys without automatically resending the message.

WhatsApp’s implementation automatically resends an undelivered message with a new key without warning the user in advance or giving them the ability to prevent it.

Boelter reported the backdoor vulnerability to Facebook in April 2016, but was told that Facebook was aware of the issue, that it was “expected behaviour” and wasn’t being actively worked on. The Guardian has verified the backdoor still exists.

This news is sure to send Facebook into full damage control mode as Facebook really pushes the end to end encryption feature of WhatsApp and that they can’t read your messages. It will be interesting to see how they respond to this (which they haven’t as I type this), and how WhatsApp users respond to this.

WhatsApp Rolling Out Free Encrypted Video Calling

Posted in Commentary with tags on November 15, 2016 by itnerd

In a move that will get a lot of attention, WhatsApp is rolling out it’s video calling feature that will be encrypted. The new video calling feature is rolling out on Android, iOS and Windows 10 Mobile. Here’s what the company said on a blog post that went up on Monday:

We’re introducing this feature because we know that sometimes voice and text just aren’t enough. There’s no substitute for watching your grandchild take her first steps, or seeing your daughter’s face while she’s studying abroad. And we want to make these features available to everyone, not just those who can afford the most expensive new phones or live in countries with the best cellular networks.

The reason why this will get a lot of attention is that it is going to take a direct shot at FaceTime from Apple and Skype from Microsoft. It will also get a lot of attention from law enforcement who tend not to be thrilled about anything that is online and encrypted since that takes away their ability to snoop.

If you’re a WhatsApp user and you haven’t seen this feature yet, it should appear in the coming days.