New Android Malware ‘Sturnus’ Bypasses Encrypted Messaging Protections

 

Researchers at MTI Security have unearthed a particularly advanced strain of Android malware called Sturnus, which threatens to compromise the data and security of mobile phone owners. The malware reportedly employs advanced interception techniques to capture data and circumvent even the best application-level encryption, making the security features of popular messaging apps like WhatsApp, Telegram and Signal pointless. 

The Sturnus malware does not need to crack encryption, according to MTI. Instead, it uses a sophisticated trick: the malware takes a screenshot once the messages have been decrypted for viewing. By exploiting a device’s ability to read the on-screen contents in real time, Sturnus can steal private message texts without leaving a trace. This means that scammers can access sensitive chats, and potentially collect personally identifiable information (PII) or financial data if shared in secure chats. 

In addition to message interception, Sturnus employs complex social engineering to steal credentials. The malware can display fake login screens that look like real banking apps and can be very convincing. Users can inadvertently hand their information to the hackers if they enter their login details on these fake screens. 

Sturnus can also simulate an Android system update screen, making the victim believe a normal update is being installed while malicious operations take place in the background. Perhaps most disturbingly, the researchers warn that Sturnus can also increase its privileges by tracking unlock attempts and recording device passwords or PINs. This allows the malware to gain root access which lets the attackers prevent the victims from removing the malicious code or regaining control of their devices. 

The majority of Sturnus infections detected so far are concentrated in Southern and Central Europe, according to surveillance and analysis by the cybersecurity firm Threat Fabric. Such a restricted geography suggests that threat actors are still experimenting with the capabilities of the malware and the way it operates before potentially launching a worldwide campaign. 

Experts recommend that Android users be cautious, refrain from downloading apps from unknown sources, and be wary when apps they don’t know ask for accessibility or overlay permissions. Sturnus also illustrates the increasing complexity of Android malware and the difficulty of keeping users safe in a landscape of continuously evolving mobile threats.
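The advice about accessibility permissions can be checked on a device over adb. The script below is an added example, not part of the original post: it lists enabled accessibility services whose package is not on an allowlist. The allowlist, the sample value and the `com.example.*` names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit enabled accessibility
# services on an Android device against an allowlist of expected packages.

# Constructed allowlist: packages you expect to hold accessibility access.
# com.example.passwordmanager is a placeholder name.
ALLOWED_PKGS="com.google.android.marvin.talkback com.example.passwordmanager"

# Constructed sample of the secure setting's value: colon-separated
# "package/service" component names. com.example.sysupdate is invented.
SAMPLE="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.sysupdate/.UpdateHelperService"

# unexpected_a11y VALUE
# Prints "package service" for every enabled service whose package is not
# in ALLOWED_PKGS. Prints nothing when the value is empty or "null".
unexpected_a11y() {
    printf '%s\n' "$1" | tr -d '\r' | tr ':' '\n' | while IFS= read -r comp; do
        case "$comp" in
            ''|null) continue ;;
        esac
        pkg=${comp%%/*}
        svc=${comp#*/}
        case " $ALLOWED_PKGS " in
            *" $pkg "*) ;;                       # expected package, skip
            *) printf '%s %s\n' "$pkg" "$svc" ;; # needs review
        esac
    done
}

# With --device, read the live setting over adb; otherwise use the sample.
if [ "${1:-}" = "--device" ]; then
    value=$(adb shell settings get secure enabled_accessibility_services)
else
    value=$SAMPLE
fi
unexpected_a11y "$value"
```

Any package the script prints should be one the user recognises and deliberately granted accessibility access to.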

User Privacy: Is WhatsApp Not Safe to Use?


WhatsApp allegedly collects data

The mega-messenger from Meta is allegedly collecting user data to generate ad money, according to recent attacks on WhatsApp. WhatsApp strongly opposes these fresh accusations, but it didn't help that a message of its own appeared to imply the same.  

The allegations 

There are two prominent origins of the recent attacks. Few experts are as well-known as Elon Musk, particularly when the criticism appears on X, the platform he owns. Musk asserted on the Joe Rogan Experience that "WhatsApp knows enough about what you're texting to know what ads to show you," adding, "That is a serious security flaw."

These so-called "hooks for advertising" are typically thought to rely on metadata, which includes information on who messages whom, when, and how frequently, as well as other information from other sources that is included in a user's profile.  

End-to-end encryption 

The message content itself is shielded by end-to-end encryption, which is the default setting for all 3 billion WhatsApp users. Signal's open-source encryption protocol, which the Meta platform adopted and modified for its own use, is the foundation of WhatsApp's security. So, in light of these new attacks, do you suddenly need to stop using WhatsApp?

In reality, WhatsApp's content is completely encrypted. There has never been any proof that Meta, WhatsApp, or anybody else can read the content itself. However, the platform you are utilizing is controlled by Meta, and it is aware of your identity. It does gather information on how you use the platform.  

How user data is used 

Additionally, it shares information with Meta so that it can "show relevant offers/ads." Signal has a small portion of WhatsApp's user base, but it does not gather metadata in the same manner. Think about using Signal instead for sensitive content. Steer clear of Telegram since it is not end-to-end encrypted and RCS because it is not yet cross-platform encrypted.

Remember that end-to-end encryption only safeguards your data while it is in transit. It has no effect on the security of your content on the device. I can read all of your messages, whether or not they are end-to-end encrypted, if I have control over your iPhone or Android.

AWS Outage Exposes the Fragility of Centralized Messaging Platforms




A recently recorded outage at Amazon Web Services (AWS) disrupted several major online services worldwide, including privacy-focused communication apps such as Signal. The event has sparked renewed discussion about the risks of depending on centralized systems for critical digital communication.

Signal is known globally for its strong encryption and commitment to privacy. However, its centralized structure means that all its operations rely on servers located within a single jurisdiction and primarily managed by one cloud provider. When that infrastructure fails, the app’s global availability is affected at once. This incident has demonstrated that even highly secure applications can experience disruption if they depend on a single service provider.

According to experts working on decentralized communication technology, this kind of breakdown reveals a fundamental flaw in the way most modern communication apps are built. They argue that centralization makes systems easier to control but also easier to compromise. If the central infrastructure goes offline, every user connected to it is impacted simultaneously.

Developers behind the Matrix protocol, an open-source network for decentralized communication, have long emphasized the need for more resilient systems. They explain that Matrix allows users to communicate without relying entirely on the internet or on a single server. Instead, the protocol enables anyone to host their own server or connect through smaller, distributed networks. This decentralization offers users more control over their data and ensures communication can continue even if a major provider like AWS faces an outage.

The first platform built on Matrix, Element, was launched in 2016 by a UK-based team with the aim of offering encrypted communication for both individuals and institutions. For years, Element’s primary focus was to help governments and organizations secure their communication systems. This focus allowed the project to achieve financial stability while developing sustainable, privacy-preserving technologies.

Now, with growing support and new investments, the developers behind Matrix are working toward expanding the technology for broader public use. Recent funding from European institutions has been directed toward developing peer-to-peer and mesh network communication, which could allow users to exchange messages without relying on centralized servers or continuous internet connectivity. These networks create direct device-to-device links, potentially keeping users connected during internet blackouts or technical failures.

Mesh-based communication is not a new idea. Previous applications like FireChat allowed people to send messages through Bluetooth or Wi-Fi Direct during times when the internet was restricted. The concept gained popularity during civil movements where traditional communication channels were limited. More recently, other developers have experimented with similar models, exploring ways to make decentralized communication more user-friendly and accessible.

While decentralized systems bring clear advantages in terms of resilience and independence, they also face challenges. Running individual servers or maintaining peer-to-peer networks can be complex, requiring technical knowledge that many everyday users might not have. Developers acknowledge that reaching mainstream adoption will depend on simplifying these systems so they work as seamlessly as centralized apps.

Other privacy-focused technology leaders have also noted the implications of the AWS outage. They argue that relying on infrastructure concentrated within a few major U.S. providers poses strategic and privacy risks, especially for regions like Europe that aim to maintain digital autonomy. Building independent, regionally controlled cloud and communication systems is increasingly being seen as a necessary step toward safeguarding user privacy and operational security.

The recent AWS disruption serves as a clear warning. Centralized systems, no matter how secure, remain vulnerable to large-scale failures. As the digital world continues to depend heavily on cloud-based infrastructure, developing decentralized and distributed alternatives may be key to ensuring communication remains secure, private, and resilient in the face of future outages.


Trump Claims Administration Learnt to Avoid Signal After Group Chat Leak

 

President Donald Trump stated that his administration has learnt from Signalgate. "I think we learnt: Maybe don't use Signal, okay?" Trump spoke about the messaging app in an interview with The Atlantic published Monday.

"If you want to know the truth. I would frankly tell these people not to use Signal, although it's been used by a lot of people," the US president added. "But, whatever it is, whoever has it, whoever owns it, I wouldn't want to use it.”

Last month, The Atlantic's editor in chief, Jeffrey Goldberg, revealed that he had been inadvertently included in a Signal group discussion by White House national security adviser Mike Waltz. Goldberg stated that the group chat was called "Houthi PC small group" and included other officials such as Defence Secretary Pete Hegseth, Director of National Intelligence Tulsi Gabbard, and Secretary of State Marco Rubio. "PC" stood for "principals committee." 

"In the chat, Waltz and the other Trump officials were talking about specifics of a planned U.S. strike on Houthi rebels," Goldberg claimed. The authenticity of the group discussion was later verified by the National Security Council to Business Insider. At first, Trump denied knowing about the security failure. After the incident, he defended Waltz and Hegseth, stating that he would not fire them. 

Signal, which was first launched in 2014, is a non-profit, open-source encrypted messaging application. Last month, Signal stated in an X post that misinformation was "flying around that might drive people away from Signal and private communications.”

"One piece of misinformation we need to address is the claim that there are 'vulnerabilities' in Signal," it stated on March 25, citing an NPR report that quoted a Pentagon memo it received, alerting staff of a possible vulnerability in the messaging app. 

“The memo used the term 'vulnerability' in relation to Signal — but it had nothing to do with Signal's core tech. It was warning against phishing scams targeting Signal users,” Signal wrote in its post.

Pentagon Director Hegseth Revealed Key Yemen War Plans in Second Signal Chat, Source Claims

 

In a chat group that included his wife, brother, and personal attorney, U.S. Defence Secretary Pete Hegseth provided specifics of a strike on Yemen's Iran-aligned Houthis in March, a person familiar with the situation told Reuters earlier this week. 

Hegseth's use of an unclassified messaging system to share extremely sensitive security details is called into question by the disclosure of a second Signal chat. This comes at a particularly sensitive time for him, as senior officials were removed from the Pentagon last week as part of an internal leak investigation. 

In the second chat, Hegseth shared details of the attack, which were similar to those revealed last month by The Atlantic magazine after its editor-in-chief, Jeffrey Goldberg, was accidentally included in a separate chat on the Signal app, in an embarrassing incident involving all of President Donald Trump's most senior national security officials.

The individual familiar with the situation, who spoke on the condition of anonymity, stated that the second chat, which comprised around a dozen people, was set up during his confirmation process to discuss administrative concerns rather than real military planning. According to the insider, the chat included details about the air attack schedule. 

Jennifer, Hegseth's wife and a former Fox News producer, has attended classified meetings with foreign military counterparts, according to photographs released by the Pentagon. During a meeting with his British colleague at the Pentagon in March, Hegseth's wife was found sitting behind him. Hegseth's brother serves as a Department of Homeland Security liaison to the Pentagon.

The Trump administration has aggressively pursued leaks, which Hegseth has warmly supported in the Pentagon. Pentagon spokesperson Sean Parnell said, without evidence, that the media was "enthusiastically taking the grievances of disgruntled former employees as the sole sources for their article.” 

Hegseth's tumultuous moment 

Democratic lawmakers stated Hegseth could no longer continue in his position. "We keep learning how Pete Hegseth put lives at risk," Senate Minority Leader Chuck Schumer said in a post to X. "But Trump is still too weak to fire him. Pete Hegseth must be fired.”

Senator Tammy Duckworth, an Iraq War veteran who was severely injured in combat in 2004, stated that Hegseth "must resign in disgrace.” 

The latest disclosure comes just days after Dan Caldwell, one of Hegseth's top aides, was taken from the Pentagon after being identified during an investigation into leaks at the Department of Defence. Although Caldwell is not as well-known as other senior Pentagon officials, he has played an important role for Hegseth and was chosen as the Pentagon's point of contact by the Secretary during the first Signal chat.

Cloudflare CDN Vulnerability Exposes User Locations on Signal, Discord

 

A threat analyst identified a vulnerability in Cloudflare's content delivery network (CDN) which could expose someone's whereabouts just by sending them an image via platforms such as Signal and Discord. While the attack's geolocation capability is too limited for street-level tracking, it can provide enough information to determine a person's general region and track their activities. 

Daniel's discovery is especially alarming for individuals who are highly concerned about their privacy, such as journalists, activists, dissidents, and even cybercriminals. This flaw, however, can help investigators by giving them further details about the state or nation where a suspect might be. 

Covert zero-click monitoring

Daniel, a security researcher, found three months ago that Cloudflare speeds up load times by caching media resources at the data centre closest to the user. 

"3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius," explained Daniel. "With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.” 

To carry out the information-disclosure attack, the researcher would send the target a message containing a unique image, such as a screenshot or a profile avatar, stored on Cloudflare's CDN. 

Subsequently, he exploited a flaw in Cloudflare Workers to force queries through specific data centres via a new tool called Cloudflare Teleport. This arbitrary routing is typically prohibited by Cloudflare's default security limitations, which require that each request be routed from the nearest data centre. 

By enumerating cached replies from multiple Cloudflare data centres for the sent image, the researcher was able to map users' geographical locations, because the CDN returns the airport code of the data centre closest to them.

Furthermore, since many apps, like Signal and Discord, automatically download images for push notifications, an attacker can monitor a target without requiring user engagement, resulting in a zero-click attack. Tracking accuracy extends from 50 to 300 miles, depending on the location and the number of Cloudflare data centers nearby.

Join Group Calls Easily on Signal with New Custom Link Feature





Signal, the encrypted messaging service, has added new features that make it easier to join group calls through personalised links. The update was recently announced in a blog post and aims to simplify how group calls are conducted and administered on the service.


Group Calls via Custom Link Easily Accessible


In the past, a group call on Signal began by first making a group chat. Signal has now added the ability to automatically create and share a direct link for a group call, so users no longer have to go through the group chat setup just to make the call. To create a call link, open the app, go to the links tab, and tap to start a new call link. Each link can be given a user-friendly name and can require approval of new invitees before they join, adding another layer of control.


The call links are also reusable, which is very useful for those who meet regularly, such as weekly team calls. Signal group calling has now been expanded to 50 participants, expanding its utilisation for larger groups.


More Call Control


This update also introduces better management tools for group calls. Users can remove participants and even block them from rejoining if needed. That gives hosts more power over who has access to the call, which improves safety and participant management.


New Interactive Features for Group Calls


Besides call links, Signal has also integrated some interactive tools for use during group calls. A "raise hand" button lets participants indicate that they want to speak, which helps organise group discussions. Calls also support emoji reactions, so a user can keep participating without interrupting another caller.


Signal has also improved the call control interface, making it easier to mute or unmute a microphone or turn cameras on or off. This is meant to make calls more fluid and efficient to use.


Rollout Across Multiple Platforms


The new features are now rolled out gradually across Signal's desktop, iOS, and Android versions. The updated app is available on the App Store for iPhone and iPad users free of charge. In order to enjoy the new features regarding group calling functions, users should update their devices with the latest version of Signal.


Signal has recently added new features to make group calling easier, more organised, and intuitive. It has given the user more freedom to control the calls for both personal use and professional calls.

Major Security Flaw in WhatsApp and Signal MacOS Apps Puts User Data at Risk

 

A significant security warning has emerged for WhatsApp and Signal users this week, urging them to consider deleting their apps, particularly on MacOS. The issue, primarily affecting Apple users leveraging multi-device functionality, highlights severe vulnerabilities in the MacOS versions of these popular messaging platforms. Security researcher Tommy Mysk, known for uncovering critical vulnerabilities, recently disclosed that both WhatsApp and Signal MacOS apps store local data, including chat histories and media attachments, in locations accessible to any app or process running on the device. 

This is a stark contrast to Apple’s iMessage, which, despite storing similar data, uses sandboxing to prevent unauthorized access by other apps. The primary concern lies in how these apps handle local data storage. While WhatsApp and Signal emphasize end-to-end encryption for secure message transmission, this protection is compromised if local data can be accessed by other apps or malware. Mysk explained that the chat histories, the core of what these apps are designed to protect, are not sufficiently safeguarded on MacOS. The vulnerability means that if a malicious app gains access to the device, it could potentially monitor and exfiltrate the unencrypted local data. 

For WhatsApp, this includes both chat histories and media attachments. Mysk warned, “WhatsApp doesn’t encrypt the local database that stores chat histories. It doesn’t encrypt media attachments sent through the chat either. A simple malware could theoretically monitor this data and send it live to a remote server, rendering end-to-end encryption useless.” Signal, on the other hand, does encrypt local chat histories but fails to encrypt media attachments. More concerning is that the encryption key for the local chat history is stored in plain text within the same folder, making it accessible to other apps. This flaw undermines the app’s security, as an attacker could clone the local data folder to another device and restore the session. 

Mysk highlighted, “Signal’s false sense of security extends to their back-end servers. When copying the entire folder containing the app’s local data and moving the copy to a different Mac, an attacker can restore the session. Signal servers let the ‘cloned’ session co-exist with the other legit sessions.” The discovery underscores the persistent risk of endpoint compromise for fully encrypted platforms. While end-to-end encryption protects data in transit, the local storage vulnerabilities in these MacOS apps open potential pathways for remote or physical attacks. 

As users continue to rely on messaging apps for secure communication, these revelations call for immediate action from both WhatsApp and Signal to address these security gaps and reinforce their data protection measures on MacOS. For now, users should remain vigilant and consider the potential risks when using these platforms on their Mac devices.