Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

Measure twice, cut once.


dovenet / Internet / whatsapp = bad for your smartphone health

SubjectAuthor
* whatsapp = bad for your smartphone healthOgg
`* whatsapp = bad for your smartphone healthArelor
 `* whatsapp = bad for your smartphone healthOgg
  `* whatsapp = bad for your smartphone healthMRO
   `* whatsapp = bad for your smartphone healthOgg
    `- whatsapp = bad for your smartphone healthMRO

1
whatsapp = bad for your smartphone health

<633E186B.5210.dove-int@capitolcityonline.net>

 copy mid

https://www.rocksolidbbs.com/dovenet/article-flat.php?id=755&group=DOVE-Net.Internet#755

 copy link   Newsgroups: DOVE-Net.Internet
From: ogg@VERT/CAPCITY2 (Ogg)
To: All
Subject: whatsapp = bad for your smartphone health
Message-ID: <633E186B.5210.dove-int@capitolcityonline.net>
Date: Wed, 5 Oct 2022 12:50:00 -0400
X-Comment-To: All
Path: rocksolidbbs.com!not-for-mail
Newsgroups: DOVE-Net.Internet
X-FTN-AREA: DOVE-INTERNET
X-FTN-PID: OpenXP/5.0.51 (Win32)
X-FTN-MSGID: 723:320/1.9@dovenet 0124a3e4
X-FTN-CHRS: ASCII 1
X-FTN-SEEN-BY: 320/1
WhenImported: 20221005173803-0700 c1e0
WhenExported: 20221005211910-0700 c1e0
ExportedFrom: VERT dove-int 8544
WhenImported: 20221005195107-0400 c12c
WhenExported: 20221005203757-0400 c12c
ExportedFrom: CAPCITY2 dove-int 5210
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
 by: Ogg - Wed, 5 Oct 2022 16:50 UTC

FYI, gleened from Durov's Telegram channel, Oct 5..

[start]

"Hackers could have full access (!) to everything on the phones of WhatsApp users.

"This was possible through a security issue disclosed by WhatsApp itself (https://www.whatsapp.com/security/advisories/2022/) last week. All a hacker had to do to control your phone was send you a malicious video or start a video call with you on WhatsApp.

"You are probably thinking "Yeah, but if I updated WhatsApp to the latest version, I am safe, right"?

"Not really.

"A WhatsApp security issue exactly like this one was discovered in 2018 (https://www.cnbc.com/2018/10/10/whatsapp-bug-let-hackers-hijack-accounts-with-a-video-call-reports.html), then another in 2019 (https://www.ft.com/content/4da1117e-756c-11e9-be7d-6d846537acab) and yet another one in 2020 (https://timesofindia.indiatimes.com/gadgets-news/whatsapp-reveals-six-security-issues-that-could-have-got-its-users-hacked/articleshow/77925426.cms) (tap each year's link to see the corresponding vulnerability). And yes, in 2017 (https://telegra.ph/whatsapp-backdoor-01-16) before that. Prior to 2016, WhatsApp didn't have encryption at all.

"Every year, we learn about some issue in WhatsApp that puts everything on their users' devices at risk. Which means it's almost certain that a new security flaw already exists there. Such issues are hardly incidental - they are planted backdoors. If one backdoor is discovered and has to be removed, another one is added (read the post "Why WhatsApp will never be secure (https://telegra.ph/Why-WhatsApp-Will-Never-Be-Secure-05-15)" to understand why).

"It doesn't matter if you are the richest person on earth - if you have WhatsApp installed on your phone, all your data from every app on your device is accessible, as Jeff Bezos found out in 2020 (https://www.theguardian.com/technology/2020/jan/21/amazon-boss-jeff-bezoss-phone-hacked-by-saudi-crown-prince). That's why I deleted WhatsApp from my devices years ago. Having it installed creates a door to get into your phone.

"I'm not pushing people to switch to Telegram here. With 700M+ active users and 2M+ daily signups, Telegram doesn't need additional promotion. You can use any messaging app you like, but do stay away from WhatsApp - it has now been a surveillance tool for 13 years.

[stop]

Personally, I find Telegram a great little comm app to use between friends.

--- OpenXP 5.0.51
* Origin: Ogg's Dovenet Point (723:320/1.9)
� Synchronet � CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

whatsapp = bad for your smartphone health

<633EB05A.3189.dove-internet@palantirbbs.ddns.net>

 copy mid

https://www.rocksolidbbs.com/dovenet/article-flat.php?id=756&group=DOVE-Net.Internet#756

 copy link   Newsgroups: DOVE-Net.Internet
From: arelor@VERT/PALANT (Arelor)
To: Ogg
Subject: whatsapp = bad for your smartphone health
Message-ID: <633EB05A.3189.dove-internet@palantirbbs.ddns.net>
Date: Wed, 5 Oct 2022 22:39:22 -0500
X-Comment-To: Ogg
Path: rocksolidbbs.com!not-for-mail
Organization: Palantir
Newsgroups: DOVE-Net.Internet
In-Reply-To: <633E186B.5210.dove-int@capitolcityonline.net>
References: <633E186B.5210.dove-int@capitolcityonline.net>
X-FTN-PID: Synchronet 3.19c-Linux master/d518b0159 Sep 8 2022 GCC 11.2.0
X-FTN-REPLY: 723:320/1.9@dovenet 0124a3e4
X-FTN-CHRS: CP437 2
WhenImported: 20221006042012-0700 c1e0
WhenExported: 20221006091857-0700 c1e0
ExportedFrom: VERT dove-int 8545
WhenImported: 20221006053922-0500 c168
WhenExported: 20221006061952-0500 c168
ExportedFrom: PALANT dove-internet 3189
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
 by: Arelor - Thu, 6 Oct 2022 03:39 UTC

Re: whatsapp = bad for your smartphone health
By: Ogg to All on Wed Oct 05 2022 07:50 pm

> "Hackers could have full access (!) to everything on the phones of WhatsApp users.

I have not followed the links yet, but by the sound of it, it would be an issue with the underlying
operating system Whatsapp would be running on too. IN theory a compromised appplication could only access
resources the operating system is willing to conceede to it. That is why you are supposed to give
permissions to applications to access this or that feature of the phone.

--
gopher://gopher.richardfalken.com/1/richardfalken

---
■ Synchronet ■ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL

whatsapp = bad for your smartphone health

<633F5DCA.5212.dove-int@capitolcityonline.net>

 copy mid

https://www.rocksolidbbs.com/dovenet/article-flat.php?id=757&group=DOVE-Net.Internet#757

 copy link   Newsgroups: DOVE-Net.Internet
From: ogg@VERT/CAPCITY2 (Ogg)
To: Arelor
Subject: whatsapp = bad for your smartphone health
Message-ID: <633F5DCA.5212.dove-int@capitolcityonline.net>
Date: Thu, 6 Oct 2022 11:59:00 -0400
X-Comment-To: Arelor
Path: rocksolidbbs.com!not-for-mail
Newsgroups: DOVE-Net.Internet
In-Reply-To: <633EB05A.3189.dove-internet@palantirbbs.ddns.net>
References: <633EB05A.3189.dove-internet@palantirbbs.ddns.net>
X-FTN-AREA: DOVE-INTERNET
X-FTN-PID: OpenXP/5.0.51 (Win32)
X-FTN-MSGID: 723:320/1.9@dovenet 012cac72
X-FTN-REPLY: 5211.dove-int@723:320/1 27a4168c
X-FTN-CHRS: ASCII 1
X-FTN-SEEN-BY: 320/1
WhenImported: 20221006173806-0700 c1e0
WhenExported: 20221006211862-0700 c1e0
ExportedFrom: VERT dove-int 8546
WhenImported: 20221006185922-0400 c12c
WhenExported: 20221006203759-0400 c12c
ExportedFrom: CAPCITY2 dove-int 5212
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
 by: Ogg - Thu, 6 Oct 2022 15:59 UTC

Hello Arelor!

** On Thursday 06.10.22 - 05:39, Arelor wrote to Ogg:

>> "Hackers could have full access (!) to everything on the phones of
>> WhatsApp users.

A> [...] IN theory a compromised appplication could only
A> access resources the operating system is willing to
A> conceede to it. That is why you are supposed to give
A> permissions to applications to access this or that feature
A> of the phone.

My understanding of the vulnerability is that Whatsapp is
allowing full access despite user-controls, when a user is
tricked into a video conference or accepts some file delivery.
And.. meanwhile, Whatsapp stores the user passwords in the
clear.

--- OpenXP 5.0.51
* Origin: Ogg's Dovenet Point (723:320/1.9)
� Synchronet � CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

whatsapp = bad for your smartphone health

<633FA451.1291.dove-int@bbses.info>

 copy mid

https://www.rocksolidbbs.com/dovenet/article-flat.php?id=758&group=DOVE-Net.Internet#758

 copy link   Newsgroups: DOVE-Net.Internet
From: mro@VERT/BBSESINF (MRO)
To: Ogg
Subject: whatsapp = bad for your smartphone health
Message-ID: <633FA451.1291.dove-int@bbses.info>
Date: Thu, 6 Oct 2022 16:00:17 -0500
X-Comment-To: Ogg
Path: rocksolidbbs.com!not-for-mail
Organization: bbses.info
Newsgroups: DOVE-Net.Internet
In-Reply-To: <633F5DCA.5212.dove-int@capitolcityonline.net>
References: <633F5DCA.5212.dove-int@capitolcityonline.net>
X-FTN-PID: Synchronet 3.19b-Win32 master/a2a9dc027 Jan 2 2022 MSC 1928
X-FTN-REPLY: 723:320/1.9@dovenet 012cac72
X-FTN-CHRS: CP437 2
WhenImported: 20221006211949-0700 c1e0
WhenExported: 20221007031860-0700 c1e0
ExportedFrom: VERT dove-int 8547
WhenImported: 20221006230017-0500 c168
WhenExported: 20221006231946-0500 c168
ExportedFrom: BBSESINF dove-int 1291
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
 by: MRO - Thu, 6 Oct 2022 21:00 UTC

Re: whatsapp = bad for your smartphone health
By: Ogg to Arelor on Thu Oct 06 2022 06:59 pm

> My understanding of the vulnerability is that Whatsapp is
> allowing full access despite user-controls, when a user is
> tricked into a video conference or accepts some file delivery.
> And.. meanwhile, Whatsapp stores the user passwords in the
> clear.

i didnt follow the link but i looked it upon my own.
they dont think anybody knew about this issue and it was patched. who knows if that's correct. it's from sending a video file that allows remote code execution.

what do you mean whatsapp stores user passwords in the clear?
they are encrypted.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

whatsapp = bad for your smartphone health

<634172BF.5214.dove-int@capitolcityonline.net>

 copy mid

https://www.rocksolidbbs.com/dovenet/article-flat.php?id=759&group=DOVE-Net.Internet#759

 copy link   Newsgroups: DOVE-Net.Internet
From: ogg@VERT/CAPCITY2 (Ogg)
To: MRO
Subject: whatsapp = bad for your smartphone health
Message-ID: <634172BF.5214.dove-int@capitolcityonline.net>
Date: Sat, 8 Oct 2022 01:52:00 -0400
X-Comment-To: MRO
Path: rocksolidbbs.com!not-for-mail
Newsgroups: DOVE-Net.Internet
In-Reply-To: <633FA451.1291.dove-int@bbses.info>
References: <633FA451.1291.dove-int@bbses.info>
X-FTN-AREA: DOVE-INTERNET
X-FTN-PID: OpenXP/5.0.51 (Win32)
X-FTN-MSGID: 723:320/1.9@dovenet 013cb800
X-FTN-REPLY: 5213.dove-int@723:320/1 27a513a0
X-FTN-CHRS: ASCII 1
X-FTN-SEEN-BY: 320/1
WhenImported: 20221008113759-0700 c1e0
WhenExported: 20221008151863-0700 c1e0
ExportedFrom: VERT dove-int 8548
WhenImported: 20221008085319-0400 c12c
WhenExported: 20221008143757-0400 c12c
ExportedFrom: CAPCITY2 dove-int 5214
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
 by: Ogg - Sat, 8 Oct 2022 05:52 UTC

Hello MRO!

** On Thursday 06.10.22 - 23:00, MRO wrote to Ogg:

M> i didnt follow the link but i looked it upon my own. they
M> dont think anybody knew about this issue and it was
M> patched. who knows if that's correct. it's from sending a
M> video file that allows remote code execution.

There were other links in the message, but yes.. the main thing
was the video-call issue. In the cnbc article:

"This is a big deal," Travis Ormandy, a researcher at Google
Project Zero which discovered the bug, said on Twitter. "Just
++answering a call from an attacker could completely compromise
WhatsApp."

M> what do you mean whatsapp stores user passwords in the clear?
M> they are encrypted.

One of the other articles mentioned that up until 2016 the app
didn't encrypt the pw or manage the keys properly.

--- OpenXP 5.0.51
* Origin: Ogg's Dovenet Point (723:320/1.9)
� Synchronet � CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

whatsapp = bad for your smartphone health

<6341CF99.1293.dove-int@bbses.info>

 copy mid

https://www.rocksolidbbs.com/dovenet/article-flat.php?id=760&group=DOVE-Net.Internet#760

 copy link   Newsgroups: DOVE-Net.Internet
From: mro@VERT/BBSESINF (MRO)
To: Ogg
Subject: whatsapp = bad for your smartphone health
Message-ID: <6341CF99.1293.dove-int@bbses.info>
Date: Sat, 8 Oct 2022 07:29:29 -0500
X-Comment-To: Ogg
Path: rocksolidbbs.com!not-for-mail
Organization: bbses.info
Newsgroups: DOVE-Net.Internet
In-Reply-To: <634172BF.5214.dove-int@capitolcityonline.net>
References: <634172BF.5214.dove-int@capitolcityonline.net>
X-FTN-PID: Synchronet 3.19b-Win32 master/a2a9dc027 Jan 2 2022 MSC 1928
X-FTN-REPLY: 723:320/1.9@dovenet 013cb800
X-FTN-CHRS: CP437 2
WhenImported: 20221008124957-0700 c1e0
WhenExported: 20221008151863-0700 c1e0
ExportedFrom: VERT dove-int 8549
WhenImported: 20221008142929-0500 c168
WhenExported: 20221008144955-0500 c168
ExportedFrom: BBSESINF dove-int 1293
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
 by: MRO - Sat, 8 Oct 2022 12:29 UTC

Re: whatsapp = bad for your smartphone health
By: Ogg to MRO on Sat Oct 08 2022 08:52 am

> M> what do you mean whatsapp stores user passwords in the clear?
> M> they are encrypted.
>
> One of the other articles mentioned that up until 2016 the app
> didn't encrypt the pw or manage the keys properly.

i don't think they know that for sure. they probably salted them somehow.

there's a lot of services that didnt protect passwords properly. sony saved them in plain text. so did POF for a long time. dropbox has been compromised.

you can not expect to be safe.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor