Jump to content
Search In
  • More options...
Find results that contain...
Find results in...


  • Content Count

  • Joined

  • Last visited


This user doesn't have any awards

About captain_to_fire

  • Title
    Now what?
  • Birthday September 20

Contact Methods

  • Twitter

Profile Information

  • Gender
  • Location
    head above water
  • Occupation
    Med student

Recent Profile Visitors

59,102 profile views

Single Status Update

See all updates by captain_to_fire

  1. PSA: I can’t believe this hasn’t made it on the Tech News yet. WhatsApp urges its users to immediately update the said app after finding out that Israeli hackers have allegedly taken advantage of a vulnerability that can spy on iPhones. What’s worse is that all a hacker needs to do is call the target and the user doesn’t even need to answer. 



    The spyware was developed by the Israeli cyber intelligence company NSO Group, according to the Financial Times, which first reported the vulnerability.


    Attackers could transmit the malicious code to a target’s device by calling the user and infecting the call whether or not the recipient answered the call. Logs of the incoming calls were often erased, according to the report.


    WhatsApp said that the vulnerability was discovered this month, and that the company quickly addressed the problem within its own infrastructure. An update to the app was published on Monday, and the company is encouraging users to upgrade out of an abundance of caution.

    Which makes me think, are Telegram and iMessage vulnerable too? Is it possible that the design flaw is that your username is your phone number? 

    1. Show previous comments  9 more
    2. captain_to_fire




      No need to go conspiracy mode on an implementation flaw.

      Well I was thinking that having your phone number as your only username to use WhatsApp might be a design flaw in security. I could be wrong, but you can be a target already by having a single phone number unlike having an actual username. 

    3. captain_to_fire


      But then, what do I know? 🤷🏻‍♂️

    4. 2FA


      A security (researcher?) manager by the name of Adam Brown at Synopsis is claiming it's actually a vulnerability in libssh (this is what a couple articles say) but there is no link to a statement by him nor can I find anyone else stating this. Also it affects Android versions, Windows Phone, and Tizen (but slightly older version numbers). News is so new with little reporting that it's hard to find concrete information about it. Not even NIST or Mitre have published the CVE information yet, but the number is reserved in their databases.