#WhatsApp using #microphone on Google Pixel 7, Galaxy S23 even when not in use

https://insiderpaper.com/whatsapp-using-microphone-on-google-pixel-7-galaxy-s23-even-when-not-in-use/

Paragon Graphite is a Pegasus spyware clone used in the US –

The US government banned the use of NSO’s Pegasus spyware 18 months ago, but a new report today says that at least one government agency is using very similar malware from a rival company: Paragon Graphite.

According to four [industry figures], the US Drug Enforcement and Administration Agency is among the top customers for Paragon’s signature product nicknamed Graphite.

The #malware surreptitiously pierces the protections of modern smartphones and evades the encryption of messaging apps like #Signal or #WhatsApp, sometimes harvesting the data from cloud backups – much like Pegasus does.

#spyware #US #Clone #Pegasus #NSO #DEA #ParagonGraphite #Paragon

#WhatsApp is working on complying with new #EU regulations by developing support for chat interoperability, and it will be available in a future update of the app

The European Union has recently reached an agreement on a significant competition reform known as the Digital Markets Act (DMA), which will impose strict rules on large tech companies that will have to offer users the ability to communicate with each other using different apps. WhatsApp is one of the companies that will be required to comply with the new regulations outlined in the European Union’s Digital Markets Act. This is because WhatsApp is considered a gatekeeper service since it’s a large tech platform with a substantial user base and falls within the criteria set by the DMA. With the latest WhatsApp beta for Android 2.23.19.8 update, which is available on the Google Play Store, we discovered that WhatsApp is working on complying with the new regulations:

As you can see in this screenshot, WhatsApp is working on a new section dedicated to the new regulations. Since it is still in development, this section is still not ready, it appears empty and it’s not accessible to users, but its title confirms to us that they are now working on it. WhatsApp has a 6-month period to align the app with the new European regulations to provide its interoperability service in the European Union. At the moment, it remains unclear whether this feature will also eventually extend to countries beyond the European Union.

Interoperability will allow other people to contact users on WhatsApp even if they don’t have a WhatsApp account. For example, someone from the Signal app could send a message to a WhatsApp user, even without a WhatsApp account. While this broader network can definitely enhance communication with those people who use different messaging apps and assist those small apps in competing within the messaging app industry, we acknowledge that this approach may also raise important considerations about end-to-end encryption when receiving a message from users who don’t use WhatsApp. In this context, as this feature is still in its early stages of development, detailed technical information about this process on WhatsApp as a gatekeeper is currently very limited, but we can confirm that end-to-end encryption will have to be preserved in interoperable messaging systems. In addition, as mentioned in Article 7 of the regulations, it appears that users may have the option to opt out when it will be available in the future.

https://wabetainfo.com/whatsapp-beta-for-android-2-23-19-8-whats-new/

Quiet

Encrypted p2p team chat with no servers, just Tor.

https://tryquiet.org/index.html

https://github.com/TryQuiet/quiet

Currently in developpement stage so be cautious of your data

Quiet is an alternative to team chat apps like Slack, Discord, and Element that does not require trusting a central server or running one's own. In Quiet, all data syncs directly between a team's devices over Tor with no server required.

No email or phone number required, Unlike #Slack, #Discord, #WhatsApp, #Telegram, and #Signal, no email or phone number is required to create or join a #community.

End-to-end encryption, All data is #encrypted end-to-end between member devices, using Tor.

Channels, Organize chats in Slack-like channels, so conversations don't get messy.

Images, Send and receive images, with copy/paste, drag & drop, and image previews.

Files, Send and receive files of unlimited size!

Notifications, Invite links, Keyboard controls, Desktop apps

Android, Quiet works on Android, and F-Droid support is on the way.

#E2E #Chat #Quiet #Tor

Judge Orders NSO Group to Surrender Pegasus Source Code to Meta | BitDefender - March 2024

A US Judge ordered the infamous spyware developer and vendor NSO Group to turn over its source code to Meta as part of an almost four-year lawsuit.

Meta sued NSO in 2019 after the American company discovered that a zero-day WhatsApp vulnerability was used to deploy the spyware. According to a Guardian report, the NSO's spyware was allegedly used against 1,400 people in the course of just two weeks.

#Pegasus #NSO vs #Meta #WhatsApp #SourceCode

#WhatsApp, #Signal and #Telegram among apps cut from #iPhone app store to comply with censorship demand

#China ordered #Apple to remove some of the world’s most popular chat messaging apps from its app store in the country, the latest example of censorship demands on the iPhone seller in the company’s second-biggest market.

https://www.wsj.com/tech/apple-removes-whatsapp-threads-from-china-app-store-on-government-orders-a0c02100

Engineers warned #Meta that nations can monitor chats; staff fear usrael is using this trick to pick assassination targets in Gaza.

https://archive.ph/o1ld8

#fb #Facebook #WhatsApp #why

🔴 Using #WhatsApp helps the israeli army pick targets in Gaza

In April 2024, +972 Magazine journalist Yuval Abraham revealed the existence of Lavender ⁠AI: a system that automatically picks bombing targets. Lavender collects information on most of the 2.3 million residents of Gaza through a system of mass surveillance, then assesses the likelihood that each particular person is active in Hamas or PIJ, giving almost every single person in Gaza a rating from 1 to 100.

The article said that the current commander of #Unit8200 wrote in a guide book for Lavender ⁠AI that the features being used to select targets include “being in a WhatsApp group with a known militant, changing cell phone every few months, and changing addresses frequently.”

“The sources told +972 and Local Call that, during the first weeks of the war, the army almost completely relied on Lavender.” Israel has deployed additional automated systems, e.g., ‘Where's ⁠Daddy’ signals when a target has entered his family home.

Last week, The Intercept wrote that many WhatsApp employees fear that Israel has been using a vulnerability based on traffic analysis. According to their assessment: “[Deep Packet] Inspection and analysis of network traffic is completely invisible to us, yet it reveals the connections between our users: who is in a group together, who is messaging who, and (hardest to hide) who is calling who”... [A typical threat is due to peer-to-peer calls between users, which can be disabled on Telegram since many years ago but on WhatsApp only since Nov ⁠8, 2023 ⁠!]

And worse ⬇
#why

⋯ It is possible that WhatsApp's parent company is collaborating with Israel to help it fight ‘terrorism’.

In his blog, Paul Biggar, founder of Tech For Palestine, asks “whether [the Israeli forces] get this information from Meta”⁠ directly? “Why has Meta not released their transparency report for the 2nd half of 2023? [...] Will Meta immediately rescind access to any WhatsApp information from the Israeli government, army, and law enforcement?”

He recalls that Meta's “Chief Information Security Officer, Guy Rosen, is their most senior policy decision maker. He is Israeli, lives in Tel Aviv, and was in Unit 8200. Unit 8200 is the Israeli NSA and is the department that built and runs Lavender. Insiders tell me that Rosen is the person most associated with the anti-‘anti-zionism’ policies, and is also responsible for the suppression of Palestinian content.”

Mark Zuckerberg, Meta founder and CEO, has been a “significant supporter of Israel's propaganda”. For example, he donated $125k to ZAKA - one of the groups that created Oct ⁠7 false atrocity propaganda.

On a separate note, WhatsApp's servers store user metadata: social graphs and connection data, this could be tapped by U.S. intelligence under the FISA/PRISM programs, and part of it shared with Israel.

@FaithFrontline
#why #WhatsApp #meta #Facebook #fb #bds

#Venezuela government mafia spokesperson #Maduro deletes #WhatsApp on live TV, keeps all the other Facebook and Gapps spyware. Minions clap

#idiocracy

WhatsApp - a tool for israel to track Palestinians?

Ismail Haniyeh's son: My father used WhatsApp a lot, we even had a family group, so tracking him down was not difficult.

israel reportedly installed a malware on Haniyeh phone by WhatsApp before his assassination.

Article:

Hamas leader Ismail Haniyeh was killed after israeli terrorists installed spyware on his cell phone through a WhatsApp message to track his whereabouts that was used to launch a missile strike, Lebanese journalist Elia Manier has claimed.

Numerous reports have repeatedly suggested that the use of WhatsApp messenger to detect Palestinians has been a common practice for the israeli terrorists.

▪️The Palestinian digital rights group Sada Social earlier demanded a probe into the Israel Occupation Forces' (IOF) alleged use of #WhatsApp user data to target Hamas “suspects” in the Gaza Strip with the help of the Israeli AI-aided system, #Lavender. Both Meta (the owners of the popular messaging service) and the #IOF deny the allegations.

Update on Native #Matrix interoperability with #WhatsApp

https://matrix.org/blog/2024/09/whatsapp-dma/

#im

#Pegasus spyware maker #NSO Group is liable for attacks on 1,400 #WhatsApp users.

https://www.theverge.com/2024/12/20/24326342/meta-whatsapp-nso-group-pegasus-spyware-hack-liable

Catching Pegasus: Mercenary Spyware and the Liability of the NSO Group - CounterPunch


"On December 20, the most significant legal decision to date regarding NSO’s conduct was handed down by Senior District Judge Phyllis J. Hamilton of the US District Court for the Northern District of California.  Her judgment concerned WhatsApp’s legal suit filed in 2019 against the NSO Group, alleging that Pegasus had been installed on approximately 1,400 mobile phones and devices owned by journalists, activists and diplomats to conduct surveillance upon them.  In so doing, WhatsApp alleged that NSO had breached both the federal Computer Fraud and Abuse Act and California’s Comprehensive Computer Data Access and Fraud Act.  After five years, the case took an interesting turn with a move by WhatsApp to seek partial summary judgment."


#Pegasus #NSO #Spyware #WhatsApp #US

Analysis of #Paragon’s Graphite #Spyware Operations misusing #WhatsApp Zero-Click #exploit

https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/

https://t.me/androidMalware

■■■■□ Seven things we learned from #WhatsApp vs. #NSO Group #pegasus spyware lawsuit.

https://techcrunch.com/2025/05/13/seven-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit/

Protect Yourself From #Meta’s Latest Attack on Privacy

https://www.eff.org/deeplinks/2025/06/protect-yourself-metas-latest-attack-privacy

#fb #Facebook #Instagram #Whatsapp #why

Samsung fixes #Android #0day that may have been used to spy on #WhatsApp messages

A similar vuln on Apple devices was used against 'specific targeted users' Samsung has fixed a critical flaw that affects its Android devices - but not before attackers found and exploited the bug, which could allow remote code execution on affected devices.…

https://www.theregister.com/2025/09/12/samsung_fixes_android_0day/

⚡️WhatsApp Head of Security Fired After Raising Privacy Concerns

The former Head of Security for WhatsApp, Attaullah Baig, has filed a retaliation lawsuit against Meta for firing him after he tried to improve security at WhatsApp.

Baig discovered through red-teaming that 1,500 engineers at Meta had production access to WhatsApp user data, including address books and contact information of friends. Even as Head of Security, he was blocked from logging access to data, creating an inventory of what was stored, or mapping the infrastructure.

When he warned leadership that WhatsApp may be in violation of its FTC order, he was met with retaliation until he was forced out. Inside WhatsApp, leadership downplayed issues and dismissed privacy concerns.

Once again, we see that user growth and profits came first—while protecting people’s privacy never seemed to matter.

🪧 Read the full article on Substack
📲 Get privacy gear
—
🫶 @takebackourtech
📩 WEBSITE & NEWSLETTER | 🎥 VIDEOS| XMPP | SUBSTACK
#WhatsApp #why #meta

📱 Critical zero-click vulnerability (CVE-2025-55177) within #WhatsApp has been leveraged in targeted #spyware operations, in conjunction with an #Apple Imagel0 flaw (CVE-2025-43300).

This combination enabled malicious actors to disseminate exploits via WhatsApp, resulting in potential data exfiltration from the user's Apple device.

The attack sequence involved:
🚫Attacker-controlled delivery
🚫Malicious DNG/remote image (Imagel0) parsing vulnerability (OOB write)
➿ Remote code execution
All occurring without user engagement.

https://techcrunch.com/2025/08/29/whatsapp-fixes-zero-click-bug-used-to-hack-apple-users-with-spyware/

https://blog.quarkslab.com/patch-analysis-of-Apple-iOS-CVE-2025-43300.html

#iphone #ios