• whatsapp = bad for your smartphone health

    From Ogg@VERT/CAPCITY2 to All on Wed Oct 5 19:50:00 2022
    FYI, gleened from Durov's Telegram channel, Oct 5..

    [start]

    "Hackers could have full access (!) to everything on the phones of WhatsApp users.

    "This was possible through a security issue disclosed by WhatsApp itself (https://www.whatsapp.com/security/advisories/2022/) last week. All a hacker had to do to control your phone was send you a malicious video or start a video call with you on WhatsApp.

    "You are probably thinking "Yeah, but if I updated WhatsApp to the latest version, I am safe, right"?

    "Not really.

    "A WhatsApp security issue exactly like this one was discovered in 2018 (https://www.cnbc.com/2018/10/10/whatsapp-bug-let-hackers-hijack-accounts-with-a-video-call-reports.html), then another in 2019 (https://www.ft.com/content/4da1117e-756c-11e9-be7d-6d846537acab) and yet another one in 2020 (https://timesofindia.indiatimes.com/gadgets-news/whatsapp-reveals-six-security-issues-that-could-have-got-its-users-hacked/articleshow/77925426.cms) (tap each year's link to see the corresponding vulnerability). And yes, in 2017 (https://telegra.ph/whatsapp-backdoor-01-16) before that. Prior to 2016, WhatsApp didn't have encryption at all.

    "Every year, we learn about some issue in WhatsApp that puts everything on their users' devices at risk. Which means it's almost certain that a new security flaw already exists there. Such issues are hardly incidental - they are planted backdoors. If one backdoor is discovered and has to be removed, another one is added (read the post "Why WhatsApp will never be secure (https://telegra.ph/Why-WhatsApp-Will-Never-Be-Secure-05-15)" to understand why).

    "It doesn't matter if you are the richest person on earth - if you have WhatsApp installed on your phone, all your data from every app on your device is accessible, as Jeff Bezos found out in 2020 (https://www.theguardian.com/technology/2020/jan/21/amazon-boss-jeff-bezoss-phone-hacked-by-saudi-crown-prince). That's why I deleted WhatsApp from my devices years ago. Having it installed creates a door to get into your phone.

    "I'm not pushing people to switch to Telegram here. With 700M+ active users and 2M+ daily signups, Telegram doesn't need additional promotion. You can use any messaging app you like, but do stay away from WhatsApp - it has now been a surveillance tool for 13 years.

    [stop]

    Personally, I find Telegram a great little comm app to use between friends.


    --- OpenXP 5.0.51
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    Synchronet CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Arelor@VERT/PALANT to Ogg on Thu Oct 6 05:39:22 2022
    Re: whatsapp = bad for your smartphone health
    By: Ogg to All on Wed Oct 05 2022 07:50 pm

    "Hackers could have full access (!) to everything on the phones of WhatsApp users.

    I have not followed the links yet, but by the sound of it, it would be an issue with the underlying
    operating system Whatsapp would be running on too. IN theory a compromised appplication could only access
    resources the operating system is willing to conceede to it. That is why you are supposed to give
    permissions to applications to access this or that feature of the phone.

    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    Synchronet Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Ogg@VERT/CAPCITY2 to Arelor on Thu Oct 6 18:59:00 2022
    Hello Arelor!

    ** On Thursday 06.10.22 - 05:39, Arelor wrote to Ogg:

    "Hackers could have full access (!) to everything on the phones of
    WhatsApp users.

    [...] IN theory a compromised appplication could only
    access resources the operating system is willing to
    conceede to it. That is why you are supposed to give
    permissions to applications to access this or that feature
    of the phone.

    My understanding of the vulnerability is that Whatsapp is
    allowing full access despite user-controls, when a user is
    tricked into a video conference or accepts some file delivery.
    And.. meanwhile, Whatsapp stores the user passwords in the
    clear.


    --- OpenXP 5.0.51
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    Synchronet CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP