{"id":2626,"date":"2021-01-28T02:50:35","date_gmt":"2021-01-28T02:50:35","guid":{"rendered":"https:\/\/thenextweb.com\/?p=1335855"},"modified":"2021-01-28T02:50:35","modified_gmt":"2021-01-28T02:50:35","slug":"pardon-the-intrusion-35-whatsapps-messaging-mess","status":"publish","type":"post","link":"https:\/\/www.londonchiropracter.com\/?p=2626","title":{"rendered":"Pardon the Intrusion #35: WhatsApp\u2019s Messaging Mess"},"content":{"rendered":"\n<p><strong><em>Subscribe to this bi-weekly newsletter <a href=\"https:\/\/tnw.to\/newsletter\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">here<\/a>!<\/em><\/strong><\/p>\n<p><span>Welcome to the latest edition of Pardon The Intrusion, TNW\u2019s <\/span><a href=\"https:\/\/thenextweb.us1.list-manage.com\/track\/click?u=22ec88eb9b9d8bc3bcf660787&amp;id=37136e54f1&amp;e=0e200ae170\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">bi-weekly newsletter<\/a> in which we explore the wild world of security.<\/p>\n<p><span>Well, that escalated quickly.<\/span><\/p>\n<p><span>After alerting users of a change in privacy policy earlier this month and kicking up a storm, <\/span><a href=\"https:\/\/thehackernews.com\/2021\/01\/whatsapp-delays-controversial-data.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">WhatsApp has backed down<\/a><span> \u2014 for now.<\/span><\/p>\n<p><span>The <\/span><a href=\"https:\/\/thenextweb.com\/facebook\/2021\/01\/06\/heres-what-that-whatsapp-privacy-policy-pop-up-means-for-you\/\" target=\"_blank\" rel=\"noopener noreferrer\">in-app alert<\/a><span> on January 6 urged users to agree to the new terms and conditions that grant the app the right to share with Facebook some personal data about them, such as their phone number and location. 
Users failing to agree to the revised policy by February 8 were cautioned they would completely lose access to the service.<\/span><\/p>\n<p><span>The announcement ended up creating so much confusion about the data-sharing arrangement that <\/span><a href=\"https:\/\/thenextweb.com\/plugged\/2021\/01\/16\/whatsapp-delays-it-privacy-policy-update-by-three-months-but-whats-the-point\/\" target=\"_blank\" rel=\"noopener noreferrer\">WhatsApp has decided to postpone<\/a><span> the enforcement until May 15, a three-month delay which it hopes will \u201cclear up the misinformation.\u201d<\/span><\/p>\n<p><figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter lazy\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/ec4849b4-f6e8-4bbb-990f-3334c5129347.gif\" width=\"480\" height=\"270\" data-file-id=\"60206\" data-lazy=\"true\"><\/figure>\n<p><span>The Facebook-owned company has since clarified that the update does not expand its ability to share personal user chats or other profile information with Facebook and is instead simply providing further transparency about how user data is collected and shared when using the messaging app to interact with businesses.<\/span><\/p>\n<p><span>Whether intentional or not, this \u2018all-or-nothing\u2019 approach backfired, leading to a <\/span><a href=\"https:\/\/thenextweb.com\/plugged\/2021\/01\/13\/telegram-grew-its-active-user-base-by-110-in-india-last-year\/\" target=\"_blank\" rel=\"noopener noreferrer\">surge in sign-ups<\/a><span> for rival messaging apps such as Signal and Telegram.<\/span><\/p>\n<p><span>Dealing yet another blow to WhatsApp, India\u2019s technology ministry asked Facebook to <\/span><a href=\"https:\/\/thenextweb.com\/in\/2021\/01\/19\/india-wants-whatsapp-to-retract-its-controversial-privacy-policy\/\" target=\"_blank\" rel=\"noopener noreferrer\">withdraw<\/a><span> the update, saying \u201cthe proposed changes raise grave 
concerns regarding the implications for the choice and autonomy of Indian citizens.\u201d<\/span><\/p>\n<p><span>With more than 400 million active users, India is WhatsApp\u2019s largest market.<\/span><\/p>\n<p><span>If anything, the development only serves to highlight the urgent need for more countries to pass European GDPR-like data protection regulations that explicitly spell out how users\u2019 data is collected, processed, and shared with other parties.<\/span><\/p>\n<h3 class=\"h2 mso-font\"><span>What\u2019s trending in security?<\/span><\/h3>\n<p><span>Google researchers detailed a <\/span><a href=\"https:\/\/googleprojectzero.blogspot.com\/2021\/01\/introducing-in-wild-series.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">sophisticated hacking operation<\/a><span> that exploited vulnerabilities in Chrome and Windows to install malware on Android and Windows devices, a Muslim prayer app called Salaat First was found <\/span><a href=\"https:\/\/www.vice.com\/en\/article\/xgz4n3\/muslim-app-location-data-salaat-first\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">selling location data<\/a><span> to Predicio, and Amazon-owned Ring begins testing end-to-end video encryption.<\/span><\/p>\n<ul>\n<li>\n<span>Internet of Things or <\/span><a href=\"https:\/\/twitter.com\/internetofshit\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Internet of Shit<\/a><span>? A hacker locked internet-connected chastity cages manufactured by Qiui and demanded ransom from its users. [<\/span><a href=\"https:\/\/www.vice.com\/en\/article\/m7apnn\/your-cock-is-mine-now-hacker-locks-internet-connected-chastity-cage-demands-ransom\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Vice Motherboard<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Google researchers detailed a sophisticated hacking operation that exploited vulnerabilities in Chrome and Windows to install malware on Android and Windows devices. They were all addressed as of April 2020. 
[<\/span><a href=\"https:\/\/googleprojectzero.blogspot.com\/2021\/01\/introducing-in-wild-series.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google Project Zero<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Whistleblower site DDoSecrets \u201chas made available about 1 terabyte of that data, including more than 750,000 emails, photos, and documents from five companies.\u201d The corporate information was amassed from dark web sites after ransomware operators leaked them. [<\/span><a href=\"https:\/\/www.wired.com\/story\/ddosecrets-ransomware-leaks\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">WIRED<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Android and iOS don\u2019t extend encryption protections as far as they could, allowing for potentially unnecessary security vulnerabilities, according to researchers at Johns Hopkins University. [<\/span><a href=\"https:\/\/www.wired.com\/story\/smartphone-encryption-law-enforcement-tools\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">WIRED<\/a><span> \/ <\/span><a href=\"https:\/\/securephones.io\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Data Security on Mobile Devices<\/a><span>]<\/span>\n<\/li>\n<\/ul>\n<p><figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter lazy\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/d295be57-de99-4a65-9b64-c121447d5056.gif\" width=\"480\" height=\"293\" data-file-id=\"60190\" data-lazy=\"true\"><\/figure>\n<\/p>\n<ul>\n<li>\n<span>While Amazon-owned Ring is testing end-to-end video encryption, it also fixed a security flaw in its Neighbors app that exposed the precise locations and home addresses of users who had posted to the app. 
[<\/span><a href=\"https:\/\/techcrunch.com\/2021\/01\/14\/ring-neighbors-exposed-locations-addresses\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">TechCrunch<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>A popular Muslim prayer app called Salaat First has been found to sell location data to Predicio, which is linked to a US contractor that works with Immigration and Customs Enforcement (ICE). The incident highlights not only how apps harvest location data, but also the ease with which this information is traded in the location data industry. [<\/span><a href=\"https:\/\/www.vice.com\/en\/article\/xgz4n3\/muslim-app-location-data-salaat-first\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Vice Motherboard<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Before Parler got shut out of all platforms, it emerged that a hacker had managed to <\/span><a href=\"https:\/\/techcrunch.com\/2021\/01\/11\/scraped-parler-data-is-a-metadata-goldmine\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">scrape 99% of the posts<\/a><span> from the \u201cfree speech\u201d social network. But how did she do it? It all came down to \u201cabysmal coding and security\u201d practices. [<\/span><a href=\"https:\/\/arstechnica.com\/information-technology\/2021\/01\/parlers-amateur-coding-could-come-back-to-haunt-capitol-hill-rioters\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Ars Technica<\/a><span> \/ <\/span><a href=\"https:\/\/www.wired.com\/story\/parler-hack-data-public-posts-images-video\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">WIRED<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Microsoft says it\u2019s planning to fix a bizarre Windows 10 bug that could corrupt a hard drive just by encountering an icon. 
[<\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/windows-10-bug-corrupts-your-hard-drive-on-seeing-this-files-icon\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Bleeping Computer<\/a><span>]<\/span>\n<\/li>\n<\/ul>\n<p><figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter lazy\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/8d8d40db-53c5-4745-815c-f208aec97c94.gif\" width=\"480\" height=\"293\" data-file-id=\"60194\" data-lazy=\"true\"><\/figure>\n<\/p>\n<ul>\n<li>\n<span>The operators of the Ryuk ransomware are believed to have earned more than $150 million worth of Bitcoin from ransom payments by hacking companies all over the world. The payments were made from 61 deposit addresses. [<\/span><a href=\"https:\/\/www.advanced-intel.com\/post\/crime-laundering-primer-inside-ryuk-crime-crypto-ledger-risky-asian-crypto-traders\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Advanced Intelligence<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Personal information of Americans sells on dark web marketplaces for the cheapest prices ($8 per record), per an analysis of stolen information across 40 different dark web marketplaces. Japan and the UAE have the most expensive identities at an average of $25. 
[<\/span><a href=\"https:\/\/www.comparitech.com\/blog\/vpn-privacy\/dark-web-prices\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Comparitech<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>The past fortnight in data breaches, leaks, and ransomware: <\/span><a href=\"https:\/\/www.ema.europa.eu\/en\/news\/cyberattack-ema-update-4\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">European Medicines Agency<\/a><span>, <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hacker-leaks-full-database-of-77-million-nitro-pdf-user-records\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Nitro PDF<\/a><span>, <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hacker-posts-19-million-pixlr-user-records-for-free-on-forum\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Pixlr<\/a><span>, <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/scotland-environmental-regulator-hit-by-ongoing-ransomware-attack\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Scottish Environment Protection Agency<\/a><span>, <\/span><a href=\"https:\/\/krebsonsecurity.com\/2021\/01\/ubiquiti-change-your-password-enable-2fa\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Ubiquiti<\/a><span>, and the <\/span><a href=\"https:\/\/threatpost.com\/hackers-breach-un-access-records\/162944\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">United Nations<\/a><span>.<\/span>\n<\/li>\n<\/ul>\n<h3 class=\"h2 mso-font\">Data Point<\/h3>\n<p><span>Ransomware is now responsible for <\/span><strong>46%<\/strong><span> of healthcare data breaches, new research from <\/span><a href=\"https:\/\/www.tenable.com\/blog\/tldr-the-tenable-research-2020-threat-landscape-retrospective\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Tenable<\/a><span> has found. 
What\u2019s more, over <\/span><strong>35%<\/strong><span> of all breaches are linked to ransomware attacks, often at a financial cost.<\/span><\/p>\n<p><span>According to cybersecurity company Emsisoft\u2019s \u2018<\/span><a href=\"https:\/\/blog.emsisoft.com\/en\/37314\/the-state-of-ransomware-in-the-us-report-and-statistics-2020\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">State of Ransomware<\/a><span>\u2019 report, in 2020 alone, <\/span><strong>113<\/strong><span> federal, state and municipal governments and agencies, <\/span><strong>560<\/strong><span> healthcare facilities, and <\/span><strong>1,681<\/strong><span> schools, colleges and universities were impacted.<\/span><\/p>\n<p><span>\u201cWhile organizations can never completely eliminate the possibility of human error, they can design their networks in such a way that they do not collapse like houses of cards when those errors occur,\u201d Emsisoft researchers said.<\/span><\/p>\n<p> <a href=\"https:\/\/thenextweb.com\/newsletter\/2021\/01\/28\/pardon-the-intrusion-35-whatsapps-messaging-mess\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Subscribe to this bi-weekly newsletter here! Welcome to the latest edition of Pardon The Intrusion, TNW\u2019s bi-weekly newsletter in which we explore the wild world of security. Well, that escalated quickly. 
After&#8230;<\/p>\n","protected":false},"author":1,"featured_media":2627,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts\/2626"}],"collection":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2626"}],"version-history":[{"count":0,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts\/2626\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/media\/2627"}],"wp:attachment":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2626"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2626"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2626"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}