Category Archives: WhatsApp

The famous whatsApp messaging is a victim of hacking. Hackers want to get their hands on users' messages at all costs.

A website specifically dedicated to WhatsApp's security bug

A boon for cybersecurity users and researchers to have a better visibility of luck.

Now The new WhatsApp web page offers a high profile of the work done by Facebook engineers, in terms of repairing major or even minor security vulnerabilities.

The page was newly launched by Facebook a few weeks ago. Purpose: to list all security sheets that have been identified and corrected by the security team of the American social network. As you know, WhatsApp's parent company, Facebook, regularly publishes WhatsApp notes on Google PlayStore and iOS pages. Unfortunately, these description notes are not exhaustive enough in that several details are missing with respect to the presentation of security vulnerabilities that have been corrected. The general description often left by Facebook on the issue is "security corrections."

Explaining its new trend, the US giant points out that this is "due to the policies and practices of app stores." He hopes, however, that the new page will be able to function as a logbook with the main objective of providing more information on the safety of users who are interested in the security issue in terms of the application. For the details that will be published on the new page, the social network means that visitors will have access to a brief description of the detected flaw as well as an identified related to the Bugue or critical security flaw, and if this has been discovered (CVE).

With regard to the critical identifiers that will be published on the page, the social network mentions that they are primarily intended for computer security researchers who want to use them in their research or in their attempt to exploit. Or for companies that want to use it to issue alerts related to the safety of their customers.

Facebook also adds that the bugs listed or subsequently listed have not essentially been used by potential cyber criminals. It may as well be some flaws discovered internally during the various control processes. Moreover, the presence of a security flaw means that it has already been fixed by Facebook's services. In this context, the new page serves as a kind of warning in this way about always keeping its WhatsApp application up to date, to protect against possible computer attacks.

Moreover, if the new WhatsApp page is used to publish security vulnerabilities as well as notices of bugs discovered in the way used, the fact remains that before they are published, Facebook promises to inform all developers, manufacturers and libraries of the operating system or applications for mobile. "We are very committed to transparency, and this resource is designed to help the broader technology community benefit from the latest advances in our security efforts," Facebook said. "We strongly encourage all users to ensure that they keep their WhatsApp up to date from their respective app store, and that they update their mobile operating system as soon as updates are available. The social network concludes.

Now access an unlimited number of passwords:

Check out our hacking software

A bug on WhatsApp leads to the exposure of 500,000 private conversations on Google?

Maybe you know it or one, but apparently the exchanges made on the WhatsApp messaging service are indexed by search engines.

That is, Google, Bing, brave etc… This of course allows you to access an often private conversation from these (search engines). Not only can you access WhatsApp's private conversations via the search engine, it is also possible to identify the different participants in these conversations with of course free and full access to their phone number.

This article will also interest you: The boss of Amazon hacked by through WhatsApp

We know that on the WhatsApp app it is possible to engage in private or public conversations through the creation of Groups. However, when a group is created it is possible to generate a link allowing a person to access this group by simply clicking on it link. The real problem is that these public groups are indexed safely search engines.

The discovery was made by an American website called Vice, specialist in IT and COMPUTER security and other general terms. the process was not very complicated for the latter to discover this fact. they are simply to try to do research on Google, by there inserting terms that may refer to the group's name. The little experience vice showed that it was "about 470,000 group invitations" that would be accessible from Google. And this, without any protection.

Some people in their survey were able to gain access to Public WhatsApp groups from Google. Once in the group, you can have access to users' personal identifications, phone number and other profile information. "So just click on their profile, save the photo and search for an inverted image on Google to get a conclusive result on their first and last name," says an investigator Numerama, another site specializing in techs.

This problem has existed on WhatsApp since November 2019 Seems. it would seem that this is not a security breach but a programming related to the open nature of these public exchanges. It would seem that sharing functionality is the main cause. As a result, we do not might not be facing a security breach. According to the spokesperson social network WhatsApp, the fact that these links are referenced by the search engines is not something unusual. "Administrators WhatsApp groups can invite any user to join this sharing the link they have generated. Like all content are shared in public channels, invitation links that are posted publicly on the Internet can be found by other users WhatsApp."

In addition, the social network officials mentioned that it is possible to close public access to these focus groups. All it takes is for the administrators of the different groups to reset the access links, which will automatically obsolete the old ones that will no longer be useful even if they are referenced.

Now access an unlimited number of passwords:

Check out our hacking software

WhatsApp on PC, a flaw discovered on the version

For those who tend to use the WhatsApp messaging app on their computer, it was recommended that they update their software as soon as possible.

Indeed, a security flaw has recently been discovered affecting computer versions. Discovered by a researcher at PerimeterX, Gal Weizman. According to our researcher, thanks to this security flaw, it was possible for hackers to access the contents of your files by inserting JavaScript into malicious code messages remotely.

This article will also interest you: WhatsApp is not a safe messaging service according to the UN

As we speak, Facebook has already found a security fix to address the security breach. The fact remains, however, that this loophole has existed for a long time. Years they say. this is entirely plausible because WhatsApp used, on computers was based on an older version of Chromium, version that left hackers the ability to insert malicious codes a tad easily. Simply put, it is possible that anyone with the skill could have had access to the content of your computer, the messages you changed via WhatsApp, your personal files, modify them or even exfiltrate them. Hackers were allowed so many opportunities. As a reminder, the app is based on Electron, which has the main feature of facilitating the distribution of applications across multiple platforms. However, if the application is based on a web engine that is obsolete to it, security will be to be desired see existing.

It is noted that versions 0.3.9309 and all those that have preceded are affected by the security breach recently detected. However a simple update is able to protect you vulnerability.

The researcher behind the discovery of the security notified the fact that it took much longer to detect the security flaw to find a way to plug it. He will note by the further: "I think my research shows some very interesting ideas that should inspire you to explore new types of security vulnerabilities that probably exist. I encourage you to do so responsibly. and If you are a platform editor, please use this article to harden your application. It is 2020, no product should allow a complete reading of the file system from a single message. ».

Last November, another vulnerability was discovered on the WhatsApp messaging app. The title of the breach that would have been referenced at the time was CVE-2019-11931. In the dictionary of security vulnerabilities, it can be described as important. The latter was more full-bodied than the recent one. indeed with just the victim's phone number, the hacker could run a malicious program on the user's terminal remotely. To do this he had to use an mp4 file. "The bug was due to a buffer overrun, by hijacking the program a hacker could introduce instructions within the sent video. The instructions offer the ability for a person to install spyware or malware on the targeted device. We still don't know if the flaw was identified and exploited before Facebook intervened. The researcher explained.

Now access an unlimited number of passwords:

Check out our hacking software

WhatsApp is not a safe messaging service according to the UN

For a long time we must not forget that the digital messaging WhatsApp was criticized by these two creators who repeatedly say to be sorry according to the findings, of what had become their application.

Moreover, some problems and setbacks faced by Facebook, owner of digital messaging have not really been in favor of the image of the application which is one of the most used in the field. Unfortunately for them, that is, the owners of the messaging service, the case is at the center of the phone hacking of Jeff Bezos, the founder and CEO of Amazon, which will not fix their images.

This article will also interest you: The boss of Amazon hacked by through WhatsApp

Indeed, as we know the hacking succeeded via a video file sending through WhatsApp messaging, which was apparently, a gateway of hackers into the terminal of the boss of the e-commerce giant. And it's been since 2018.

WhatsApp's various campaigns to reassure its users that the messaging service is secure through its procedure end-of-one encryption, which it loses no opportunity to expose to the public, is likely to be a major blow to its credibility.

Regarding the hacking of Jeff Bezos' phone, Saudi Arabia is being singled out by its Crown Prince Mohammed bin Salman. As a result of this hacking, the United Nations has officially decreed that the WhatsApp application is not a secure communication tool. The courier service responded to this open denigration of the application. Moreover, it still doubts the fact that it is through WhatsApp that the CEO of Amazon has been spied on for more than 2 years. UN experts have been the prime suspect of the crown prince of Saudi Arabia since the investigation began. According to the international news agency Reuters, the UN has banned all of its staff, especially those responsible, from communicating through the WhatsApp app.

At this time, there is no evidence to understand exactly the UN's position that Jeff Bezos was hacked by Saudi Arabia through the Messaging App WhatsApp. Since the encryption used by the application is capable of intercepting any attempted intrusion, one asks how the exploit could have been possible. Pending the real conclusions, it would appear that the ban on using WhatsApp for United Nations officials since June 2019.

As a title recall that WhatsApp is 1.5 billion users a day worldwide. The head of the messaging app Carl Woog immediately reacted to defend his product. "Every private message is protected by end-to-end encryption to help prevent WhatsApp or others from seeing conversations. the encryption technology that we have developed with Signal enjoys a highly regarded with security experts and remains the best available to people around the world. "he explains.

For the time being, the investigation continues and the conclusion may not be long. The only information about this hacking that can be verified and recognized as a blunt truth is that Crown Prince Mohamed bin Salman is involved in this hacking. The why and how are not really or clearly known. We are therefore awaiting the final conclusions of the investigation to decide on this.

Now access an unlimited number of passwords:

Check out our hacking software

India plans to conduct WhatsApp security audit

Authorities in India have expressed a willingness to conduct a security audit of the social network's WhatsApp systems, after there was a series of computer hacking and the revelation of the existence of a malware that would take advantage of the application's vulnerabilities to exploit its users' data.

This announcement was made by the minister in charge of technology in the country. Apparently a team in charge of Indian emergency computing known as CERT-In "requested on November 9, 2019 the submission of information to WhatsApp, including the need to conduct an audit and inspection of WhatsApp's security systems and processes. Ravi Shankar Prasad served Parliament in his statement.

This article will also interest you: WhatsApp: a new vulnerability has been discovered

For its part, the social network did not comment on The subject. It is known that during the last month, e-mail had brought legal action against an Israeli company whose specialty was the monitoring and production of spyware called NSO group. WhatsApp had accused the company of helping its customers break into more than 400 users of the social network spread across the 4 Continents. People who were targeted by the various hacks that WhatsApp deplored are composed, among other things, of diplomats, two journalists, political dissidents, still officials military and military Government. There were exactly 121 people, among the which are supposed to be affected by the Pegasus spyware of the Israeli society.

As a reminder, it should be noted that India is the largest social network market with more than 400 million users, according to 2 sources from the Reuters news agency.

WhatsApp was questioned by the Indian Internet Authority who asked the network further clarifications to which the latter was willing to submit. In addition, the Indian agency also interviewed the Israeli group meaning spy program and its real impact on the Indian population. As in many cases, habituated, Israeli company has always denied selling these software to anyone. It ensures that it is limited governments.

According to the Minister for Technology, WhatsApp did not mention spyware at any time during their exchange with ministry officials. In addition, the social network informed india's Internet Agency of a computer attack that may have occurred during the month of May, during which the social network had identified and even fixed a "vulnerability that allows an attacker to insert and execute code on mobile devices. noted the minister.

For their part, the various victims of piracy computer technology via the Israeli company's software demanded from the government to make public, the application of the NSO group in this matter.

However, it is not known so far what is the main purpose of the Indian Internet authority in this witch hunt?

Now access an unlimited number of passwords:

Check out our hacking software