anikaF (@anikaF@social.vivaldi.net)
Sammelklage: #WhatsApp-Verschlüsselung angeblich unwirksam
Eine Sammelklage gegen #Meta behauptet, die Ende-zu-Ende-Verschlüsselung von WhatsApp-Nachrichten sei nur eine Fassade. Meta weist das entschieden zurück. (heise)
Fingierte News, um im Gespräch zu bleiben, da Signal andernorts viel Zuspruch bekommen hat – sprich viele Downloads in den Stores?
Tatsache ist, dass die Metadaten mit WhatsApp nicht verschlüsselt sind.
Show Original Post
knowprose (@knowprose@mastodon.social)
@robchapman well, #encryption is dubious at an academic level.
But.
Remember when the CEO of #WhatsApp resigned after #Meta bought it? Meta was weakening encryption then. That is why he said he resigned.
https://techcrunch.com/2018/04/30/jan-koum-quits-facebook/
Show Original Post
knowprose (@knowprose@mastodon.social)
@serigala_tropis I remember the old #ceo of #WhatsApp resigning because of this in the early days.
He was the canary. The rest has been a mix of suspended disbelief, vendor lock-in and Stockholm syndrome.
Show Original Post
ESETresearch (@ESETresearch@infosec.exchange)
#ESETresearch has uncovered a new #Android spyware campaign using novel romance scam tactics to target individuals in 🇵🇰 Pakistan, with an added social engineering element previously unseen in similar schemes. https://www.welivesecurity.com/en/eset-research/love-actually-fake-dating-app-used-lure-targeted-spyware-campaign-pakistan/
The spyware used in the campaign, which we named #GhostChat, uses the icon of a legitimate chat app. After installation from unknown sources, login credentials and unlock codes are required to access the app and individual chat profiles, respectively.
The credentials and codes are not processed by any server and are hardcoded in the app, implying that they are probably distributed along with the app by the threat actor.
This impression of personalization and exclusive access is rarely seen in mobile threat campaigns and suggests a highly targeted social engineering effort. Under its façade lies the true purpose of the app: data exfiltration.
Upon installation, GhostChat immediately requests permissions and begins exfiltrating data – even before login. It continuously monitors new images, scans for documents every five minutes, and exfiltrates sensitive information from the device.
The GhostChat campaign is part of a broader, multiplatform, spy operation. In related activity, victims are lured into scanning QR codes on websites impersonating Pakistan’s Ministry of Defence, thereby giving the threat actors access to private #WhatsApp communications.
The same domain (buildthenations[.]info), also used to impersonate the Ministry of Defence website, mimics Pakistan’s Emergency Response Team and delivers a payload via #ClickFix, targeting desktop devices.
The operation blends mobile spyware, social engineering, and desktop exploitation, targeting users in 🇵🇰 Pakistan. Despite its specific targeting, there are insufficient similarities in TTPs to attribute this campaign to any known threat actor at this point.
IoCs available in our GitHub repo: https://github.com/eset/malware-ioc/tree/master/ghostchat
Read the full analysis on WeLiveSecurity: https://www.welivesecurity.com/en/eset-research/love-actually-fake-dating-app-used-lure-targeted-spyware-campaign-pakistan/
Show Original Post
r (@r@fed.brid.gy)
Eine Sammelklage gegen Meta behauptet, die Ende-zu-Ende-Verschlüsselung von WhatsApp-Nachrichten sei nur eine Fassade. Meta weist das entschieden zurück. #WhatsApp
Sammelklage: WhatsApp-Verschlü...
Show Original Post
serigala_tropis (@serigala_tropis@lgbtqia.space)
The lawsuit does not provide any technical details to back up the rather sensational claims. WhatsApp's end-to-end encryption has long been a major selling point. It means that Meta can’t decrypt and read your messages; the encryption keys are only stored on the devices that send and receive the messages.
"Any claim that people's WhatsApp messages are not encrypted is categorically false and absurd,” Meta told PCMag. “WhatsApp has been end-to-end encrypted using the Signal protocol for a decade. This lawsuit is a frivolous work of fiction and we will pursue sanctions against plaintiffs’ counsel."
The lawsuit, however, accuses Meta of trying "to prevent the truth from coming out by imposing onerous nondisclosure agreements on its workers, essentially threatening the full force of one of the world’s richest companies if any of these individuals dared reveal what goes on behind closed doors at the company. These efforts have now failed, but they worked for many, many years by obscuring the truth.”
Source: https://www.pcmag.com/news/lawsuit-alleges-that-whatsapp-has-no-end-to-end-encryption
Show Original Post
c_th1 (@c_th1@digitalcourage.social)
Did #WhatsApp Lie About #Encryption For A Decade?
WhatsApp just got sued for allegedly lying about end-to-end encryption, with claims that #Meta employees can access any user's #messages through a simple internal request.
While the lawsuit provides no technical proof, we'll show you the confirmed privacy issues with WhatsApp and explain why closed-source encryption is fundamentally untrustworthy.
https://techlore.tv/w/oqjQuc25Sc7xcEfavaf1Cf
Show Original Post
governa (@governa@fosstodon.org)
#WhatsApp Introduces High-Security Mode for Users Facing Advanced Threats
Show Original Post
max (@max@afterspace.rocks)
Massive Anschuldigungen
Meta kann angeblich WhatsApp Nachrichten lesen obwohl E2EE
https://www.youtube.com/watch?v=bfjyUtR5Xdk
#Meta #WhatsApp #E2EE #Lawsuit #Privacy #Bombshell
Show Original Post
robchapman (@robchapman@ohai.social)
I have to say, I am no fan of Whatsapp - but being taken to court by a company that builds and deploys spyware, (most notably;; Pegasus) because they claim that it Whatsapp is not E2EE is a bit rich!
Lawsuit Alleges That WhatsApp Has No End-to-End Encryption
#Whatsapp #NSO #SignalProtocol #Lawsuit
Show Original Post
dani (@dani@hessen.social)
Meta kündigt für WhatApp neue "strict account settings" an, die die Sicherheit erhöhen. Im Blogbeitrag steht: "you should only turn this on if you think you may be a target of a sophisticated cyber campaign". WTF, ernsthaft?! Diese Einstellungen sind für alle wichtig und IMHO besonders Pflicht für minderjährige Nutzer:
https://faq.whatsapp.com/846698564598022
#security #privacy #datenschutz #informationssicherheit #jugendschutz #whatsapp #hardening
Show Original Post
allaboutsecurity (@allaboutsecurity@mastodon.social)
WhatsApp führt strengen Sicherheitsmodus für Hochrisiko-Nutzer ein
Mit strengen Kontoeinstellungen sollen künftig Journalisten und Personen des öffentlichen Lebens besser vor gezielten digitalen Angriffen geschützt werden.
Show Original Post