What’s up with Whatsapp?

Image result for whats app

You may have seen the numerous press articles this week advising you to update your Whatsapp. The advice came from Whatsapp, which has 1.5 billion users and is owned by Facebook.

The reason for asking people to update the app on their smartphones was the discovery that hackers had been able to remotely install surveillance software on phones via a “major vulnerability” in the app. According to the BBC, WhatsApp said the attack targeted a “select number” of users and was orchestrated by “an advanced cyber-actor”.

Facebook discovered the flaw in the technology earlier this month. It threatened to break Whatsapp’s promise to its users of being a secure” communications app with messages that are end-to-end encrypted. This means they should only be displayed in a legible form on the sender or recipient’s device. However, the surveillance software would have let an attacker read the messages on the target’s device.

The Whatsapp team found a fix for the problem last Friday, after which people could download the new app without the ‘bug’, although some users appeared to be disgruntled that Facebook hadn’t published any notes about the fix itself.

It is likely that those whose phones may have been targeted by the hackers are “Journalists, lawyers, activists and human rights defenders,” Ahmed Zidan of the Committee to Protect Journalists told the BBC.

How did hackers use the security flaw?

One thing they did was use Whatsapp’s voice call function to ring a target’s phone. Even if the target didn’t answer the call, the surveillance software was installed on their phone. Furthermore, the call was removed from the call log, so the person who didn’t answer it, wouldn’t even see that they had missed a call from an unknown number.

Facebook and Whatsapp told the press on Monday: “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.”

It also issued a briefing to security specialists stating, “”A buffer overflow vulnerability in WhatsApp VOIP [voice over internet protocol] stack allowed remote code execution via specially crafted series of SRTCP [secure real-time transport protocol] packets sent to a target phone number.”

The attack was old-fashioned

As Professor Alan Woodward pointed out, this is a “pretty old-fashioned” method of attack. He explained what happened: “A buffer overflow is where a program runs into memory it should not have access to. It overflows the memory it should have and hence has access to memory in which malicious code can potentially be run. If you are able to pass some code through the app, you can run your own code in that area. In VOIP there is an initial process that dials up and establishes the call, and the flaw was in that bit. Consequently you did not need to answer the call for the attack to work.”

We don’t know how many people were targeted in this attack, and there are some questions that remain to be answered about whether updating the app on your phone effectively removes the spyware in its entirety. Furthermore, WhatsApp has not said whether the attack could extend beyond WhatsApp and reach other personal data on the phone.

But, even if you are not a journalist, a lawyer or a human rights activist, download the new version of the app, because as always it is better to be safe than sorry.

 

 

 

 

 

 

 

5 technologies disrupting banking by 2023

Over the next five years banking is going to change dramatically and will be nothing like we know it today. The changes will come due to technology and will provide financial institutions with both opportunities and challenges.

The global recession put a spotlight on banks; these institutions were largely responsible for the near-collapse of economies and although they have weathered the storm, people’s trust in them has not been restored.

Out of the failure of financial institutions came the bitcoin protocol and blockchain technology. This was followed by the arrival of fintech startups and neobanks, both of which threaten the consumer account monopoly enjoyed by retail banks, which is referred to as ‘legacy’ in the financial media. According to various consultancies, new players could capture up to a third of incumbent banks’ revenues in the next 2–3 years. If banks don’t respond to this, they are in danger of disappearing.

However, there is good news for the traditional banks: the new technologies that are threatening the banking industry also present significant opportunities. They can leverage big data and advanced analytics to improve customer experience, as well as build trust, loyalty and revenues. Dan Cohen, SVP at Atos, said: “Banks are at a crossroads. Continuous fintech innovation and new technologies such as blockchain are disrupting the market. While it creates threats, it also opens multiple opportunities for financial services to reinvent themselves and thrive.”

Here are five of the technologies that will advance fintechs and potentially cause more disruption in the banking sector, unless the banks are agile enough to incorporate them.

1. A hybrid cloud

Cloud computing tech has gone mainstream in banks pretty fast. It was found that at least 75% of bankers said their most successful cloud initiatives had already achieved expansion into new industries, creation of new revenue streams, and expansion of their product/services portfolio.

2. APIs

The combination of open platform banking and open APIs will change the entire banking ecosystem in its current state. In this scenario, the bank will serve as a platform, on top of which third-party companies can build their own applications using the bank’s data.

3. Robotic process automation

Robotic process automation (RPA) has helped banks and credit unions accelerate growth by executing pre-programmed rules across a range of structured and unstructured data.

4. Instant payments

Consumer demand for instant payments is on the increase. With instant payments, more transactions will be made digitally instead of in cash, which means that payments will become less expensive and more user friendly.

5. Artificial Intelligence (AI)

The benefits of AI in banks and credit unions are widespread, reaching back office operations, compliance, customer experience, product delivery, risk management and marketing to name a few

The Malware Hunter

Avoiding malware, which can invade your computer via phishing emails or malicious sites, is a common preoccupation. You only have to click on the wrong thing and you’ve caught a ‘botnet’ that may attack your business website or spread a virus.

But, now it looks like help is on the way, albeit in a rather unusual, roundabout way. Netlab 360 has identified a type of botnet that can search for specific malware infections without harming your computer. What is more, once it has hunted down and eliminated the ‘bad botnet’, it deletes itself from your computer.

Netlab 360 engineer, Hui Wang, has called it ‘Fbot’, although nobody knows who created it, which is one of the interesting parts of this story. But, whoever is responsible for it, has basically designed a bot that does a much-needed job.

The way it works is like this, according to Jon Christian writing in futurism.com: “Fbot first infects computers that leave a specific port vulnerable to attack. Then it searches its new hosts for a piece of malware called com.ufo.miner, which uses infected computers to mine the cryptocurrency Monero — and eradicates it.”

Wang says, “So far, the only purpose of this botnet looks to be just going after and removing another botnet.” Other unusual aspects of the bot are:

· The bot does not use traditional DNS to communicate with the C2, instead, it utilises blockchain DNS to resolve the non-stand C2 name musl.lib.

· It appears to have strong links to the original satori botnet.

Coindesk has also commented on the new discovery, saying “Unusually, the botnet code is linked to a domain name accessible, not through a standard domain name system (DNS), but a decentralized alternative called EmerDNS that makes addresses harder to trace and shut down.”

And researchers also pointed out: “The choice of Fbot using EmerDNS other than traditional DNS is pretty interesting, it raised the bar for security researcher to find and track the botnet (security systems will fail if they only look for traditional DNS names).”

Either way, everyone is extremely curious about who is behind the botnet — is it somebody working with good intentions, or is it a hacker trying to remove the competition. Perhaps we will never know.

Every search you make…is being watched

That moment when we all went out and bought smartphones was a game changer for our personal privacy as Tyler Elliott Bettilyon discusses on Medium.

We never imagined at the time how these expensive gadgets would impact on our lives; all we could see that they made our lives easier, but at what cost?

In China, surveillance apparatus is increasingly sophisticated. There is facial recognition technology connected to CCTV cameras and police officers will soon have cameras inside their sunglasses. There may also be drones disguised as birds. Worse still, Chinese citizens are being asked (demanded) to install software in their phones that tracks their downloads and if you’re Chinese and visit a site banned by the government, you lose points from your “social credit score.”

But that’s China, you’re probably thinking. This is a Communist regime that has always controlled how people act and think. It isn’t like that in more democratic countries. Unfortunately the response to that is, “Don’t be so sure.”

Take a look at the surveillance tools the USA has. The NSA’s PRISMprogramme collects masses of data about internet traffic — including yours! That’s why Edward Snowdon blew the whistle on it and revealed how the NSA might be breaking the rules of privacy.

And Europe is no more private. It also has an array of online surveillance tools that it uses in the name of ‘security’. And if you keep sending out the message that we are all in danger, then the citizens of Europe give governments a free pass to collect whatever data they want. They don’t consciously allow it; they passively accept it.

And, online censorship is on the rise as the world becomes more authoritarian. A 2017 report Freedom on the Net details how our freedoms are being curbed year after year. It says: “Nearly half of the 65 countries assessed in Freedom on the Net 2017 experienced declines during the coverage period, while just 13 made gains, most of them minor. Less than one-quarter of users reside in countries where the internet is designated Free, meaning there are no major obstacles to access, onerous restrictions on content, or serious violations of user rights in the form of unchecked surveillance or unjust repercussions for legitimate speech.”

But it isn’t just governments that are watching you; it’s Facebook, Google and the like who are analysing your every move in order to push adverts at you. The Cambridge Analytica scandal showed us how the data they collect can be ‘weaponised’ for political ends.

Perhaps you are very security conscious about your personal data and take all the recommended steps (and more) to protect yourself. But, the web has many vulnerable points you may pass through without your knowledge and that leaves you exposed. These include your friends keeping texts from you, photos of you taken by friends stored on Facebook and Google keeping track of your search history. Yes, you can turn Google tracking off — if you can actually find where to do that. However, ultimately the only way to stay secure is never to send your data via the internet. Or, get yourself a Tor browser. This is a system that attempts to hide source and destination IP addresses by using several proxies. And even then there are still vulnerabilities.

Finally, personal actions to protect our personal data will never be enough: it will require collective action to overcome the Big Brother machinations of the large agencies like the NSA. Bringing the issues to the attention of more internet users is vital to achieve this, then perhaps we can start to solve the problem and pack up our paranoia.