New WhatsApp RCE Vulnerability Let Remote Hackers Steal the Files in Your Android Phone Using Malformed GIF’s

A security researcher discovered a critical Double-free vulnerability in WhatsApp allows remote attackers to take control of your Android phone and Steal the files by sending malformed GIFs.

Facebook-owned privacy-oriented messenger WhatsApp is one of the Top-ranked Messanger apps with more than Billion users around the world in both Android and iPhone.
https://gbhackers.com/whatsapp-double-free-vulnerability/

Read Via Telegram

#deletefacebook #FacebookDigitalGangsters #deleteinstagram #deletewhatsapp
📡@cRyPtHoN_INFOSEC_ES
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN

Turkey fines Facebook for breach of data protection laws

ANKARA, Turkey (AP) — Turkey’s data protection authority says it has imposed a 1.6 million Turkish lira ($280,000) fine on Facebook for contravening the country’s data laws.

The Turkish Personal Data Protection Council said Thursday that personal data belonging to 280,959 Turkish users, including their names, gender, birth dates, relationship status, religion and search history, were compromised in the data breach.
https://kvoa.com/ap-international-news/2019/10/03/turkey-fines-facebook-for-breach-of-data-protection-laws/

Read Via Telegram

#deletefacebook #FacebookDigitalGangsters #deleteinstagram #deletewhatsapp
📡@cRyPtHoN_INFOSEC_ES
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN

PayPal drops out of Libra, Facebook’s payments project

NEW YORK (AP) — PayPal has pulled out of Facebook’s digital currency project, known as Libra, a blow to the social media company that has faced stronger-than-expected scrutiny over its proposed creation of an alternative payments system.

The digital payments company said Friday it is withdrawing from the Libra Association so it can focus on its existing businesses.

“Facebook has been a longstanding and valued strategic partner to PayPal, and we will continue to partner with and support Facebook in various capacities,” PayPal said.
https://apnews.com/6f7cfdd7895542ccab333c8bad281bc8

Read Via Telegram

#deletefacebook #FacebookDigitalGangsters #deleteinstagram #deletewhatsapp
📡@cRyPtHoN_INFOSEC_ES
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN

Without encryption, we will lose all privacy. This is our new battleground

The US, UK and Australia are taking on Facebook in a bid to undermine the only method that protects our personal information

More Info - HERE

#deletefacebook #FacebookDigitalGangsters #deleteinstagram #deletewhatsapp
📡@cRyPtHoN_INFOSEC_ES
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN

Mark Zuckerberg signals Facebook won't return to China as he calls on tech firms to defend free speech

Facebook has effectively given up on bringing its services to China, its chief executive Mark Zuckerberg has confirmed, signalling a decisive end to the social media giant's ambition to enter that market.

In a speech at Georgetown University in Washington DC, he said that Facebook had tried and failed to reach agreement with the Chinese government over internet censorship and government access to users' personal data.
https://www.telegraph.co.uk/technology/2019/10/17/mark-zuckerberg-signals-facebook-wont-return-china-calls-tech/

Read Via Telegram

#deletefacebook #FacebookDigitalGangsters #deleteinstagram #deletewhatsapp
📡@cRyPtHoN_INFOSEC_ES
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN

Zuckerberg defends Facebook’s currency plans before Congress

WASHINGTON (AP) — Facebook CEO Mark Zuckerberg endured hours of prickly questioning from lawmakers Wednesday as he defended the company’s new globally ambitious project to create a digital currency while also dealing with widening scrutiny from U.S. regulators.

Representatives also grilled Zuckerberg on Facebook’s track record on civil rights, hate speech, privacy and misinformation — not surprising given the litany of scandals Facebook has been dealing with over the past two years.
https://apnews.com/dbfdd58cefe846c7ac82457c2b9e0ea5

Read Via Telegram

#deletefacebook #FacebookDigitalGangsters #deleteinstagram #deletewhatsapp
📡@cRyPtHoN_INFOSEC_ES
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN

Why the Facebook News tab shouldn’t be trusted

Are we really doing this again? After the pivot to video. After Instant Articles. After news was deleted from the News Feed. Once more, Facebook dangles extra traffic, and journalism outlets leap through its hoop and into its cage.

Tomorrow, Facebook will unveil its News tab [Update: Here’s the announcement and our coverage]. About 200 publishers are already aboard, including The Wall Street Journal and BuzzFeed News, and some will be paid. None seem to have learned the lesson of platform risk.

https://techcrunch.com/2019/10/24/facebooks-news-not-yours/

Read Via Telegram

#deletefacebook #FacebookDigitalGangsters #deleteinstagram #deletewhatsapp
📡@cRyPtHoN_INFOSEC_ES
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN

Instagram expands ban on suicide content to cover cartoons and memes

Instagram has expanded a ban on graphical self-harm imagery to include a broader range of content depicting suicide, including fictional illustrations of self-harm and suicide methods such as drawings, cartoons and memes.

https://techcrunch.com/2019/10/28/instagram-expands-ban-on-suicide-content-to-cover-cartoons-and-memes/

#deletefacebook #FacebookDigitalGangsters #deleteinstagram #deletewhatsapp
📡@cRyPtHoN_INFOSEC_ES
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN

Facebook says 100 software developers may have improperly accessed user data

The company in September said it had suspended tens of thousands of apps as a result of an investigation into its software developer ecosystem following the Cambridge Analytica scandal.

Facebook on Tuesday disclosed that as many as 100 software developers may have improperly accessed user data, including the names and profile pictures of people in specific groups on the social network.
https://www.nbcnews.com/tech/security/facebook-says-100-software-developers-may-have-improperly-accessed-user-n1076881

Read Via Telegram

#deletefacebook #FacebookDigitalGangsters #deleteinstagram #deletewhatsapp
📡@cRyPtHoN_INFOSEC_ES
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN

Experts Comments On Facebook Reveals Another Privacy Breach, This Time Involving Developers

Facebook has quietly revealed another privacy breach involving approximately 100 developers. On Tuesday, Konstantinos Papamiltiadis, Facebook’s Director of Platform Partnerships said in a blog post that the names and profile pictures of users connected to Groups and the system’s API were accessible.

Before April 2018, group administrators could authorize an app for a group they managed, giving the application developer access to this information.

https://www.informationsecuritybuzz.com/expert-comments/experts-comments-on-facebook-reveals-another-privacy-breach-this-time-involving-developers/

Earlier Topic - HERE

#deletefacebook #FacebookDigitalGangsters #deleteinstagram #deletewhatsapp
📡@cRyPtHoN_INFOSEC_ES
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN

Whatsapp blamed own users for failure to keep phone number repo off Google searches

An infosec researcher reckons Whatsapp was a bit too quick off the mark to blame its users when hundreds of thousands of phone numbers, names and profile pictures were found to be easily accessible via Google.

Athul Jayaram, a self-described “full time bug bounty hunter”, published a blog post earlier this week highlighting that a large number of Whatsapp users’ mobile numbers could easily be found by searching Google for the domain “wa.me”.

That domain formed part of Whatsapp’s Click to Chat function. If you, the owner of a Whatsapp account, fancied letting world+dog add you as a new chat contact rather than going through the tedious process of tapping their phone number into yours, digit by digit, you could generate a QR code (yes, one of those things 🤦‍♂️…) for them to do so.

Billed as a feature for businesses wanting to make customer communication easier, Click to Chat QR shortcodes resolved to https://wa.me along with a unique URL string. The unique string just happened to be the full phone number of the user.

https://www.theregister.com/2020/06/12/whatsapp_google_search_results_blunder/

Earlier Post - HERE

#WhatsApp #deletewhatsapp

Don’t Use WhatsApp - I gathered 17 reasons why not to use WhatsApp (which you can send to friends & colleagues when they ask why you don't use WhatsApp)

💡 Reasons Why You Should Not Use WhatsApp:

❗️ The founder of WhatsApp – Brian Acton – tweeted on March 21st 2018: “It is time. #deletefacebook”

❗️ WhatsApp is forced to disclosed encrypted messages to authorities

❗️ Brian Acton admits: “I sold my users’ privacy to a larger benefit. I made a choice and a compromise. And I live with that every day.”

❗️ Jan Koum left Facebook over data privacy issues.

❗️ WhatsApp had a security issue with the way it handles video which allowed hackers to take control of your phone

❗️ WhatsApp commits major security errors on a regular basis, which are suitable for surveillance

❗️ Jeff Bezos, the richest man in the world, has been hacked due to WhatsApp’s security flaws

❗️ Facebook is collaborating with the NSA and FBI

❗️ WhatsApp was used to target 100 journalists and dissidents

❗️ United Nations officials are banned from using WhatsApp

❗️ WhatsApp disclosed 12 security flaws in 2019, including 7 classified as “critical”

❗️ EU Commission orders staff to switch from WhatsApp to Signal

❗️ Facebook’s executives proposed to weakening its encryption to enable easier access for businesses

❗️ Facebook is “the biggest surveillance-based enterprise in history”

❗️ WhatsApp ranked worst for user’s data privacy in internet snooping report

❗️ WhatsApp messages are stored unencrypted on iCloud or Google Drive

❗️ Telegram is banned in countries like Russia and Iran while WhatsApp is freely available

👉🏼 Read the entire version and find all sources 👈🏼

👉🏼 Reasons Why You Should Not Use WhatsApp:
https://www.reddit.com/r/privacy/comments/gdhrw9/i_gathered_17_reasons_why_not_to_use_whatsapp/

#wa #DeleteWhatsApp #fb #DeleteFacebook #DontUseWhatsApp
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Messenger service: BKA can also read your WhatsApp

Encrypted communication poses major problems for the security authorities. According to research by WDR and BR, however, the BKA has long been able to read chats via WhatsApp - via a regular function.

Only with a great deal of effort, such as the use of state spy software, the so-called "state Trojan", encrypted chats can be monitored by criminals - this is what the security authorities used to say. Monitoring communications via messenger services such as WhatsApp is one of the greatest challenges for law enforcement agencies, he says. Since the providers of the programs do not allow the authorities to read them secretly, they are in fact forced to use spy software.

According to research by BR and WDR, however, the Federal Criminal Police Office (BKA) has been able to monitor communications via WhatsApp for several years - even without having to install monitoring software on the target person's mobile phone.

Regular WhatsApp function used
According to this, the BKA department "Information Technology Surveillance" (OE 24) has apparently found a way to access encrypted WhatsApp chats. "The BKA has a method that can make it possible to trace text, video, image and voice short messages from a WhatsApp account in real time," according to an internal letter from the police authority. The WhatsApp contacts of a target person could also be "made public" in this way.

Apparently, investigators are using the possibility that WhatsApp can also be controlled via the Internet browser. This function is called "WhatsApp Web". It is a regular function, as the investigators emphasize in their letter. However, in order to be able to perform such an action, the investigators must have temporary access to the target's mobile phone and then synchronize the chats with the WhatsApp browser version. Only then can the investigators read along unnoticed.

In the opinion of the BKA, this method is surveillance in accordance with Section 100a of the Code of Criminal Procedure - i.e. regular telecommunications surveillance with a court order. Although chat histories can be read extensively, this is not surveillance as for example through the use of the so-called state Trojan.

👀 🇩🇪 👉🏼 https://www.tagesschau.de/inland/bka-whatsapp-101.html

#wa #DeleteWhatsApp #germany #BKA #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

WhatsApp Has Shared Your Data With Facebook for Years, Actually

A pop-up notification has alerted the messaging app's users to a practice that's been in place since 2016.

Some media outlets and confused WhatsApp users understandably assumed that this meant WhatsApp had finally crossed a line, requiring data-sharing with no alternative. But in fact the company says that the privacy policy deletion simply reflects how WhatsApp has shared data with Facebook since 2016 for the vast majority of its now 2 billion-plus users.

https://www.wired.com/story/whatsapp-facebook-data-share-notification/

#whatsapp #DeleteWhatsapp #facebook #DeleteFacebook #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Telegram 7.4 now allows import of WhatsApp chats (and others)

Telegram has a nice feature for users who want to switch from WhatsApp to Telegram, for example. With the new version 7.4, which is currently being distributed for iOS, you can quickly import messages from WhatsApp into Telegram. We have tested this and it works perfectly, at least for text messages.

In WhatsApp, you go to a chat and click on the contact at the top, which takes you to the contact info - where you will probably also find the item "Export chat". This can be done with or without media. This ensures that the chat can be exported - but if you select Telegram and the person in question as the storage location, the chat is imported from WhatsApp into Telegram.

What we noticed: Media is not displayed, only the file names. Text chats, on the other hand, are correctly ported from WhatsApp to Telegram. That could certainly help one or the other. And if not, you can export the chat and save it as a ZIP file locally - the archive will then contain the text file and the media. Telegram also mentions Line and Kakao Talk as possible export messengers in the changelog.

https://stadt-bremerhaven.de/telegram-7-4-erlaubt-import-von-whatsapp-chats-und-weiteren/

#telegram #tg #whatsapp #DeleteWhatsapp #messenger #importieren #chats
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

You should delete your WhatsApp ASAP

WhatsApp has always been a privacy nightmare. Use Signal and Matrix if you care about your privacy and security!

https://www.youtube.com/watch?v=shpiVm1qpnw

#DeleteWhatsApp #privacy #security #video #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Sudden New Warning Will Surprise Millions Of WhatsApp Users

A nasty new surprise for WhatsApp’s 2 billion users today, with the discovery of an alarming security risk. Using just your phone number, a remote attacker can easily deactivate WhatsApp on your phone and then stop you getting back in. Even two-factor authentication will not stop this. Here’s how the attack works.

This shouldn't happen. It shouldn't be possible. Not with a platform used by 2 billion people. Not this easily. When researchers, Luis Márquez Carpintero and Ernesto Canales Pereña, warned they could kill WhatsApp on my phone, blocking me from my own account using just my phone number, I was doubtful. But they were right.

“This is yet another worrying hack,” warns ESET’s Jake Moore, “one that could impact millions of users who could potentially be targeted with this attack. With so many people relying on WhatsApp as their primary communication tool for social and work purposes, it is alarming at what ease this can occur.”

Despite its vast user base, WhatsApp is creaking at the seams. Its architecture has fallen behind its rivals, missing key features such as multi-device access and fully encrypted backups. As the world’s most popular messenger focuses on mandating new terms of service to enable Facebook’s latest money-making schemes, these much-needed advancements remain “in development.”

https://nitter.pussthecat.org/0xDUDE

https://www.forbes.com/sites/zakdoffman/2021/04/10/shock-new-warning-for-millions-of-whatsapp-users-on-apple-iphone-and-google-android-phones/

#warning #whatsapp #DeleteWhatsapp #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

WhatsApp's new privacy policy is so bad it might be illegal

A German data protection agency has opened proceedings

WhatsApp has been facing one hell of a backlash ever since it shared that it wanted to update its privacy policy with changes that would allow Facebook to aggregate all of its users' data across all of its services. And now, the company might be in for some regulatory issues, as well. A German privacy regulator (via Bloomberg) has opened proceedings to stop the company from moving forward with the privacy policy update.

The Hamburg commissioner for data protection and freedom of information, Johannes Caspar, is looking to stop Facebook from aggregating the data from WhatsApp, fearing that the company would use it to expand its marketing and advertising business.

Caspar said in a statement: "Currently, there is reason to believe that the data sharing provisions between WhatsApp and Facebook are intended to be unlawfully enforced due to the lack of voluntary and informed consent. In order to prevent unlawful mass data sharing and to put an end to unlawful consent pressure on millions of people, a formal administrative procedure has now been initiated to protect data subjects."

The goal is to reach a decision before May 15, the date when users have to accept the new privacy policy or (presumably) stop using WhatsApp. It's highly possible that the order will only apply for German residents, but we can still hope that the proceedings will set a precedence for other countries and regulators.

The Hamburg commissioner previously successfully issued a similar order against Facebook four and a half years ago for updating WhatsApp's terms and services with changes regarding information sharing across Facebook companies. The order was confirmed by two instances after Facebook took legal action against it, and data sharing between Facebook and WhatsApp has been more limited in the EU than in other regions ever since.

https://www.androidpolice.com/2021/04/13/whatsapps-new-privacy-policy-is-so-bad-it-might-be-illegal/

#whatsapp #DeleteWhatsapp #privacy #policy #illegal #data #protection #germany
📡 @nogoolag 📡 @blackbox_archiv

How a WhatsApp status loophole is aiding cyberstalkers

Cyberstalkers typically like to collect as much information about their target as possible. They want to know where they are at any given moment; who they’re meeting; who they’re talking to; what their texts say; who they’re emailing; what they’re browsing for online. Knowledge is power, and having this level of power over someone is intoxicating, dangerous and profoundly unethical.

To combat the rise in cyberstalking behaviours, and to keep people safe, software developers are increasingly held to account for higher levels of privacy in their platforms and products. But the world of cyberstalking is a very grey one.

What one person regards as stalking, another may see as protecting a loved one. To this point, while Google has banned advertising for stalkerware on its app store, Google Play, countless tracking and monitoring apps get around this ban by claiming to help parents track and monitor their childrens’ online activity, location, messages and more.

https://traced.app/2021/04/13/whatsapp-status-loophole-is-aiding-cyberstalkers/

#whatsapp #DeleteWhatsapp #cyberstalkers #onlinestatus #tracker #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

Tracking the WhatsApp habits of 5000 random Smartphones

In the previous blog post, we have seen that this is quite simple to hack the WhatsApp online status of a contact. A simple Online or last seen yesterday at 19:00 insight can be reverse engineered to leak phone habits at a couple of seconds accuracy.

‼️ There is an even more silly thing not mentioned yet: You can track any mobile phone ! So let’s play and scale to track 5000 random numbers.

Like previously, I am sharing the source code as a PROOF OF CONCEPT. You can jump straight to the end if you are more curious about the results than by the technical stuff I’m about to resume. We are reusing the previous code with Node.js, Puppeteer & Grafana.

https://jorislacance.fr/blog/2021/04/16/whatsapp-tracking-2

💡 Hack the WhatsApp status to track contacts
https://jorislacance.fr/blog/2020/04/01/whatsapp-tracking

💡 How a WhatsApp status loophole is aiding cyberstalkers
https://t.me/BlackBox_Archiv/2018

💡 Sudden New Warning Will Surprise Millions Of WhatsApp Users
https://t.me/BlackBox_Archiv/1987

💡 All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (PDF)
https://t.me/BlackBox_Archiv/2042

#DeleteWhatsapp #user #tracking #whatsapp #thinkabout #change
📡 @nogoolag 📡 @blackbox_archiv