Connect with us

TECH

Hackers Exploit WhatsApp Flaw To Install Spyware

Published

on

A security flaw in WhatsApp, one of the most popular messaging apps in the world, allowed sophisticated attackers to install spyware on phones, the company said on Tuesday, in the latest trouble for its parent Facebook.

The vulnerability — first reported by the Financial Times, and fixed in the latest WhatsApp update — allowed hackers to insert malicious software on phones by calling the target using the app, which is used by 1.5 billion people around the world.

The FT cited a spyware dealer as saying the tool was developed by a shadowy Israel-based firm called the NSO Group, which has been accused of helping governments from the Middle East to Mexico snoop on activists and journalists. Security researchers said the malicious code bore similarities to other tech developed by the firm, according to The New York Times.

The latest exploit — which impacts Android devices and Apple’s iPhones, among others — was discovered earlier this month and WhatsApp scrambled to fix it, rolling out an update in less than 10 days.

“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” a spokesperson said in a statement to AFP.

The firm did not comment on the number of users affected or who targeted them, and said it had reported the matter to US authorities.

The breach is the latest in a series of issues troubling WhatsApp’s parent Facebook, which has faced intense criticism for allowing its users’ data to be harvested by research companies and over its slow response to Russia using the platform as a means to spread disinformation during the 2016 US election campaign.

Highly invasive software

The WhatsApp spyware is sophisticated and “would be available to only advanced and highly motivated actors”, the company said, adding that a “select number of users were targeted”.

“This attack has all the hallmarks of a private company that works with a number of governments around the world” according to initial investigations, it added, but did not name the firm.

WhatsApp has briefed human rights organizations on the matter, but did not identify them.

The Citizen Lab, a research group at the University of Toronto, said in a tweet it believed an attacker tried to target a human rights lawyer as recently as Sunday using this flaw, but was blocked by WhatsApp.

The NSO Group came to prominence in 2016 when researchers accused it of helping spy on an activist in the United Arab Emirates. Its best-known product is Pegasus, a highly invasive tool that can reportedly switch on a target’s phone camera and microphone, and access data on it.

The firm said Tuesday that it only licenses its software to governments for “fighting crime and terror”.

The NSO Group “does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions”, it said in a statement to AFP.

“We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system.”

Advertisement
Comments

TECH

ABC of US ban on Huawei

Published

on

With the suspension of some business by Google with Huawei, the Chinese technology giant will immediately lose access to updates to the Android operating system except those available through an open source licence.

President Donald Trump had extended the trade war he stoked between America and China to Huawei. In what appears to be worry over security, White House had also shunned the 5G technology which Huawei has been championing.

Huawei said it has made substantial contributions to the development and growth of Android around the world.

“As one of Android’s key global partners, we have worked closely with their open-source platform to develop an ecosystem that has benefitted both users and the industry.

“Huawei will continue to provide security updates and after sales services to all existing Huawei and Honor smartphone and tablet products covering those have been sold or still in stock globally.

“We will continue to build a safe and sustainable software ecosystem, in order to provide the best experience for all users globally,” Huawei said.

Analysts said with the development, the next version of Huawei’s smartphones outside China will also lose access to popular applications and services such as Gmail.

Alphabet’s Google has suspended business with Huawei that requires the transfer of hardware, software and technical services except those publicly available via open source licensing, a source familiar with the matter told Reuters on Sunday, in a blow to the Chinese technology company that the US government has sought to blacklist around the world.

The move could hobble Huawei’s smartphone business outside China as the tech giant will immediately lose access to updates to Google’s Android operating system.

The next version of its Android smartphones will also lose access to popular services including the Google Play Store and Gmail and YouTube apps.

“Huawei will only be able to use the public version of Android and will not be able to get access to proprietary apps and services from Google,” a source said.

The Trump administration last week Thursday added Huawei Technologies to a trade blacklist, immediately enacting restrictions that will make it extremely difficult for the company to do business with its U.S. counterparts.

On Friday the US Commerce Department said it was considering scaling back restrictions on Huawei to “prevent the interruption of existing network operations and equipment.”

It was not immediately clear whether Huawei’s access to mobile software would be affected.

The extent to which Huawei will be hurt by the US government’s blacklist is not yet known as its global supply chain assesses the impact. Chip experts have questioned Huawei’s ability to continue to operate without U.S help.

Details of the specific services affected by the suspension were still being discussed internally at Google, according to the source.

Huawei lawyers are also studying the impact of the blacklist, a Huawei spokesman said on Friday. Huawei was not immediately reachable for further comment.

Representatives of the US Commerce Department did not immediately have comment.

Huawei will continue to have access to the version of the Android operating system available through the open source license, known as Android Open Source Project (AOSP) available for free to anyone who wishes to use it.

There are about 2.5 billion active Android devices worldwide, according to Google.

But Google will stop providing Huawei with access, technical support and collaboration involving its proprietary apps and services going forward, the source said.

Huawei said it has spent the last few years preparing a contingency plan by developing its own technology in case it is blocked from using Android.

Some of this technology is already being used in products sold in China, the company has said.

In an interview with Reuters in March, Eric Xu, rotating chairman of Huawei, struck a defiant note in anticipation of retaliatory actions by U.S companies.

“No matter what happens, the Android Community does not have any legal right to block any company from accessing its open-source license,” he said.

Popular Google apps such as Gmail, YouTube and the Chrome browser that are available through Google’s Play Store will disappear from future Huawei handsets as those services are not covered by the open source licence and require a commercial agreement with Google.

But users of existing Huawei devices who have access to the Google Play Store will still be able to download app updates provided by Google.

Apps such as Gmail are updated through the store, unlike operating system updates which are typically handled by phone manufacturers and telecoms carriers, which the blacklist could affect, the source said.

The impact is expected to be minimal in the Chinese market. Most Google mobile apps are banned in China, where alternatives are offered by domestic competitors such as Tencent and Baidu.

Huawei’s European business, its second-biggest market, could be hit as Huawei licenses these services from Google in Europe.

“Having those apps is critical for smartphone makers to stay competitive in regions like Europe,” said Geoff Blaber, vice-president of research at CCS Insight.

Continue Reading

TECH

Just In: Facebook removes 265 ‘fake accounts’

Published

on

Facebook on Thursday said it had removed 265 Facebook and Instagram accounts, pages, groups and events linked to an Israeli-based firm due to what it called “inauthentic behaviour” targeting users in Southeast Asia, Latin America and Africa.

The move is part of wider efforts by Facebook to address concerns over privacy lapses and hate speech in social media.

Facebook said the “inauthentic” activity originated in Israel and focused on Nigeria, Senegal, Togo, Angola, Niger and Tunisia as well as in Latin America and Southeast Asia. “The people behind this network used fake accounts to run pages, disseminate their content and artificially increase engagement,” Nathaniel, head of cybersecurity policy at Facebook said in a statement.

He identified Israel’s Archimedes Group as the source of some of the activity. “This organisation and all its subsidiaries are now banned from Facebook, and it has been issued a cease and desist letter,” said Gleicher.

Archimedes was not immediately available for comment Gleicher said Archimedes had 65 Facebook accounts, 161 pages, 12 events and four Instagram accounts. Some 2.8 million accounts followed one or more of these pages.

He said that the individuals involved also represented themselves as locals, including local news organisations, and published allegedly leaked information about politicians. “The page administrators and account owners frequently posted about political news, including topics like elections in various countries, candidate views and criticism of political opponents,” Gleicher said.

“We’re taking down these pages and accounts based on their behaviour, not the content they posted.”

He added that around 812,000 dollars was spent for advertisements on Facebook paid for in Brazilian reals, Israeli shekels and U.S. dollars with the first ad running in 2012 and the most recent last month, Gleicher said. “We have shared information about our analysis with industry partners and policymakers,” he said.

Similarly, Amnesty International on Thursday called for Israel’s government to ensure that an Israeli company, whose spyware has been linked to a WhatsApp breach that may have targeted human rights groups, be held accountable for the way its software is used.

Amnesty on Tuesday filed a petition in Israel seeking the revocation of NSO Group’s export licence and said that it was up to the government to take a firmer stance against export licenses that have “resulted in human rights abuses.”

Israel’s Ministry of Defence declined to comment.

WhatsApp, a unit of Facebook, said on Tuesday that a security breach on its messaging app may have targeted human rights groups.

According to Eva Galperin, Director of cybersecurity at San Francisco-based Electronic Frontier Foundation, WhatsApp told human rights groups it believed the spyware used was developed by Israel’s NSO.A second person familiar with the matter also identified spyware from NSO.

Amnesty said in an emailed statement that NSO has “again and again demonstrated their intent to avoid responsibility for the way their software is used,” and that only government intervention would change that.

NSO has not commented on any specific attacks, but following the WhatsApp breach it said it would investigate any “credible allegations of misuse” of its technology which “is solely operated by intelligence and law enforcement agencies”.

NSO’s biggest shareholder, Novalpina Capital, said in a statement that it intends to bring NSO’s governance into alignment with UN principles and will seek insights from Amnesty and other groups “into how best to achieve this important goal.”

WhatsApp, one of the world’s most popular messaging tools which are used by 1.5 billion people monthly, said it had notified the U.S. Department of Justice to help with an investigation into the breach.

And it encouraged its users to update to the latest version of the app, where the breach had been fixed.

One target of the new WhatsApp exploit was a United Kingdom-based human rights lawyer, who spoke on condition of anonymity, Reuters reported on Tuesday.

The United Kingdom-based human rights lawyer is helping a Saudi dissident and several Mexican journalists mount civil cases against NSO for its alleged role in selling hacking tools to the Saudi and Mexican governments, which they alleged were used to hack into their phones.

NSO says it sells only to law enforcement and intelligence agencies pursuing legitimate targets, such as terrorists and criminals.

Novalpina, in a May 15 letter to Amnesty signed by founding partner Stephen Peel, said Novalpina was “determined to do whatever is necessary to ensure that NSO technology is used for the purpose for which it is intended.

“The prevention of harm to fundamental human rights arising from terrorism and serious crime – and not abused in a manner that undermines other equally fundamental human rights.”

Continue Reading

TECH

Facebook restricts live-streaming feature

Published

on

Facebook Inc says it is tightening rules around its livestreaming feature ahead of a meeting of world leaders aimed at curbing online violence in the aftermath of a massacre in New Zealand.

A lone gunman killed 51 people at two mosques in the city of Christchurch on March 15 while livestreaming the attacks on Facebook.

It was New Zealand’s worst peacetime shooting and spurred calls for tech companies to do more to combat extremism on their services.

Facebook said in a statement it was introducing a “one-strike” policy for use of Facebook Live, temporarily restricting access for people who have faced disciplinary action for breaking the company’s most serious rules anywhere on its site.

First-time offenders will be suspended from using Live for set periods of time, the company said. It is also broadening the range of offences that will qualify for one-strike suspensions.

New Zealand Prime Minister Jacinda Ardern said the change addressed a key component of an initiative, known as the “Christchurch Call”, she is spearheading to halt the spread of violence online.

“Facebook’s decision to put limits on livestreaming is a good first step to restrict the application being used as a tool for terrorists, and shows the Christchurch Call is being acted on,” she said in an email from her spokesman.

Read More at

Continue Reading

ADVERTISEMENT

ADVERTISEMENT

Advertisement

ADVERTISEMENT

Registration for Makeup and Gele training is ongoing for the following categories: *Beginners to Professional Training (5 Weeks) *Advanced Classes (2 weeks) *Personal Training (2 weeks) For further enquiries, please Call or WhatsApp: 08034695299

IN THE NEWS