Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

captain_to_fire

Member
  • Content Count

    4,429
  • Joined

  • Last visited

Awards


This user doesn't have any awards

About captain_to_fire

  • Title
    Now what?
  • Birthday September 20

Contact Methods

  • Twitter
    @hey_yo_143

Profile Information

  • Gender
    Male
  • Location
    head above water
  • Occupation
    Med student

Recent Profile Visitors

59,102 profile views

Single Status Update

See all updates by captain_to_fire

  1. PSA: I can’t believe this hasn’t made it on the Tech News yet. WhatsApp urges its users to immediately update the said app after finding out that Israeli hackers have allegedly taken advantage of a vulnerability that can spy on iPhones. What’s worse is that all a hacker needs to do is call the target and the user doesn’t even need to answer. 

    https://www.theguardian.com/technology/2019/may/13/whatsapp-urges-users-to-upgrade-after-discovering-spyware-vulnerability 

    Quote

    The spyware was developed by the Israeli cyber intelligence company NSO Group, according to the Financial Times, which first reported the vulnerability.

     

    Attackers could transmit the malicious code to a target’s device by calling the user and infecting the call whether or not the recipient answered the call. Logs of the incoming calls were often erased, according to the report.

     

    WhatsApp said that the vulnerability was discovered this month, and that the company quickly addressed the problem within its own infrastructure. An update to the app was published on Monday, and the company is encouraging users to upgrade out of an abundance of caution.

    Which makes me think, are Telegram and iMessage vulnerable too? Is it possible that the design flaw is that your username is your phone number? 

    1. Show previous comments  9 more
    2. captain_to_fire

      captain_to_fire

      @2FA 

      Quote

      No need to go conspiracy mode on an implementation flaw.

      Well I was thinking that having your phone number as your only username to use WhatsApp might be a design flaw in security. I could be wrong, but you can be a target already by having a single phone number unlike having an actual username. 

    3. captain_to_fire

      captain_to_fire

      But then, what do I know? 🤷🏻‍♂️

    4. 2FA

      2FA

      A security (researcher?) manager by the name of Adam Brown at Synopsis is claiming it's actually a vulnerability in libssh (this is what a couple articles say) but there is no link to a statement by him nor can I find anyone else stating this. Also it affects Android versions, Windows Phone, and Tizen (but slightly older version numbers). News is so new with little reporting that it's hard to find concrete information about it. Not even NIST or Mitre have published the CVE information yet, but the number is reserved in their databases.

×