Tag Archives: whatsapp

WhatsApp and Facebook signals can be hacked to track your location

Hackers can monitor 4G mobile networks to detect users’ location using supposedly anonymised identifiers

Security researchers have revealed how simply contacting somebody via WhatsApp or Facebook messenger can reveal a smartphone owner’s location by exploiting a security flaw in 4G mobile networks.

A hacker could use the apps to discover the supposedly anonymised identifiers that are assigned to devices when they connect to a network, and use them to locate their owner, according to researchers in Finland and Germany.

When a smartphone connects to a mobile network, it is assigned a temporary number called a TMSI (Temporary Mobile Subscriber Identity). The network then uses this eight-digit number to identify a device, rather than a phone number, to make communication more private.

However, a hacker monitoring radio communications could tie this TMSI to an individual by sending them a Facebook message or WhatsApp chat, both of which trigger a special “paging request” from a network that contains specific location information about a particular TMSI number.

Anybody with a Facebook account can send another user a Facebook message. Unless the two users are friends, this message will end up inFacebook’s “Other” folder, a feature most users do not know about that is only accessible on the social network’s desktop version, but sending a user a message will still trigger a paging request.

Likewise, WhatsApp’s “typing notification” – a feature on the chat app that displays when a contact is composing a message – also triggers the connection. If a hacker has a victim’s phone number, they could send them a message on WhatsApp, and if the victim begins to type a response, the network issues a paging request.

Within these paging requests are location data, that on newer 4G networks can be used to track users’ locations to an area of 2km2.

Older 2G and 3G networks would place a particular smartphone within a given “tracking area” of around 100km2, representing less of a security issue, but modern 4G networks place them in smaller “cells” of around 2km2, making it much easier to pinpoint a smartphone.

This allows network issues to be better understood, but in this case, gives away more data about smartphone users.

Smartphone trackingCells are much more accurate than tracking areas  Photo: Aalto University

It is relatively easy to monitor these signals using easily-available network hardware, according to the researchers from Aalto University, the University of Helsinki, Technische Universitat Berlin and Telekom Innovation Laboratories.

Although TMSIs are supposed to refresh relatively often, in order to protect privacy, they can persist for up to three days, the researchers said.

More aggressive attackers can set up a fake network base station to accurately triangulate users. These stations can request reports from TMSI numbers, typically used in cases of network failure, which can accurately reveal a smartphone’s location. At least one device gave away its GPS co-ordinates after a failure request, the researchers said.

Advertisements
Tagged , , , , , , , , ,

WhatsApp bug could affect millions of users

A bug in the popular messaging service WhatsApp put up to 200 million of its users at risk, security firm Check Point has warned.

The flaw allows hackers to distribute malware, including ransomware, which demands victims pay a fee to regain access to their files.

The vulnerability affects only the web-based version of the service.

WhatsApp was alerted to the problem at the end of last month and immediately issued a patch.

Check Point urged users to update their WhatsApp software immediately to take advantage of the fix.

Ransomware

The WhatsApp web app is a mirror version of its mobile app, enabling all messages, images and other content received on a smartphone to be accessed from a web browser.

There are currently over 200 million active users of the web app, according to statistics released by the firm this year. This compares to 900 million users of the smartphone app.

WhatsApp was bought by Facebook in February 2014.

According to Check Point, the vulnerability was caused by the way the service handles contacts sent in the vCard (virtual card) format.

All a hacker needed to do to send a virtual business card that looked legitimate was know their target’s mobile number.

Once opened the vCard could distribute malicious code.

One expert said it was relatively easy for hackers to get hold of mobile numbers that have been disclosed via other breaches.

“Bearing in mind that WhatsApp is a cross-platform mobile messaging app, the chances of you opening a vCard sent to you is quite high,” commented Mark James, a specialist at security firm ESET.

“Once opened it could attempt to download and infect your system with ransomware.”

Check Point alerted WhatsApp about the problem on 21 August and a week later it issued a fix.

Tagged , , , , , , , , ,

iPhone owners can finally use WhatsApp from their web browsers

Messaging service rolls out WhatsApp Web for iOS, several months after it launched on other mobile platforms

It’s the moment many iPhone users have been waiting for: Now you can use the world’s biggest messaging app, WhatsApp, on your desktop’s web browser.

The Facebook-owned service rolled out WhatsApp Web earlier this yearfor Android, BlackBerry and Windows Phone, but has only just begun to include iOS.

The service effectively replicates the experience of using the mobile messaging app, but on a web browser, allowing users to seamlessly pick up their chats.

To start using it, head to http://web.whatsapp.com, where you’ll be prompted to scan a QR code with WhatsApp on your smartphone.

The iPhone update was spotted by British Reddit user vmax77, although it appears that WhatsApp is gradually rolling out the update, with some users not able to access it yet.

WhatsApp web iPhoneThe new homescreen of WhatsApp web, which now includes an iPhone option

To access WhatsApp’s QR scanner on the iPhone, open the app and then go to “Settings” and “WhatsApp Web”. The option is likely to appear over the next few days if it has not already.

After scanning the QR code, your phone will remotely enable the web version of WhatsApp, opening up your most recent chats, as well as allowing you to write new messages and create groups.

  Photo: vmax77/imgur

WhatsApp is the world’s most popular messaging platform, handling more than 30 billion messages a day.

In 2014, the company was bought by Facebook for $19 billion. It has since introduced new features such as voice calling.

Tagged , , , , , , ,

WhatsApp Web is now available on iPhone

After launching on Chrome and Android earlier this year, WhatsApp Web is finally making its way to the iPhone. WhatsApp Web lets users access their messages in Chrome, bringing one of the world’s largest messaging platforms to the desktop. Up until this point WhatsApp Web was restricted to Android, Windows, and Blackberry devices due to “Apple platform limitations.” But now it’s available on every major platform, with iPhone support currently rolling out, as first noted by The Next Web. To use the web client, head to web.whatsapp.com and scan the QR Code using WhatsApp on your device and it will begin pairing.

Tagged , , , , , , ,

A Year Later, $19 Billion For WhatsApp Doesn’t Sound So Crazy

Messaging is the center of mobile. Snapchat is raising at around a $20 billion valuation. And no one cares who owns apps. On February 19th, 2014, we didn’t know any of these things for sure. So when Facebook announced it would pay $19 billion to acquire WhatsApp — an app most American pundits had never used — it seemed ludicrous. Zuck had to be crazy, right?

Wrong.

Without WhatsApp, Facebook’s international situation would look a lot dicier. And if a competitor like Google acquired it instead, it could have been disastrous.

Instead, Facebook possess the most popular messaging app, and has neutralized the biggest threat to its global domination of social networking.

Why?

Chat Is The Mobile Portal

No apps get opened as often as messaging apps. While you might spend longer in total scrolling through Facebook, Instagram, Twitter, or Pinterest, the frequent short sessions with chat apps make them a vector for other experiences. That means they’re more valuable than they might first appear.

How do you monetize chat? It’s a tough question. Sure there’s stickers, but there’s too much competition to charge much upfront for an app and its too interruptive to show ads. Butplatforms, hubs, portals — whatever you want to call them — hold plenty of opportunities to cash in.

WeChat-users-in-Singapore-can-now-book-taxis-inside-app-more-countries-to-follow-in-EasyTaxi-partnership

Snapchat Discover HomepageThe messaging apps from Asia are proving this as we speak. China’s WeChat also lets you call a taxi, pay friends, search, shop, buy movie tickets, and more.Japan’s Line hosts Line Pay, Line TV, and an identity platform for games. Why fumble with a bunch of different apps, passwords, and payment methods when you can do it all while you chat?

Even Snapchat is expanding far beyond messaging. Its Stories product for broadcasting sequences of photos and videos is a hit with star content creators. Its Snapcash feature lets you quickly pay friends through Square Cash. And its new Discover portalcollects Snap-formatted content from premium producers like Comedy Central, CNN, ESPN, and Vice.

A lot of critics wondered how Facebook could earn money from messaging on WhatsApp, considering it’svowed not to show ads and only charges its skimpy $1 subscription fee in a few markets. The answer is it doesn’t have to. By taking a cut of commerce, or charging for promotion of content, it could keep chat lean and clean while monetizing other parts.

It Missed The Boat On Snapchat

Facebook famously offered to buy Snapchat for somewhere around $3 billion. With 20/20 hindsight, we know that was a short-sighted low-ball. Snapchat rejected the offer, and all of Facebook’s efforts to clone it since have failed spectacularly.

9711063387_e7bd4832a8_b

Now Snapchat is trying to raise around $500 million at a $20 billion valuation. Its Stories feature has grown into a competitor to Facebook’s News Feed. And Discover could make it all quite monetizable if it gets popular. Snapchat is constantly cited as where teens are ditching your parents’ social network for.

Snapchat has become one of the banes of Facebook’s existence, and I’d imagine Facebook wasn’t willing to let it happen again abroad. So rather than trying to pay what WhatsApp was worth a year ago, it resigned to pay what it may be worth one day.

Parent Companies Don’t Matter

Whenever a tech giant buys a popular startup, there’s always some immediate backlash from users, and worries that people will jump ship. But time and time again, we’ve seen that if the acquired startup is allowed to run at least-somewhat independently and can simply carry on its mission with more resources, fans stay loyal.

Instagram had around 30 million users when Facebook bought it $1 billion. Now it has over300 million users and Citigroup values it at $35 billion.

instagram-30m-chart1

Some Kickstarter backers and early developers moaned when Facebook acquired Oculus. But it’s since flourished into the premier virtual reality platform. CEO Brendan Iribe told me the acquisition helped by boosting confidence of big devs because they knew Oculus wouldn’t run out of money and shut down.

The Parse developer platform has grown from 60,000 apps to over 500,000 since Facebook bought it. Flurry flourished with Yahoo. Twitter’s ownership didn’t deter people from Vine.

Facebook buying WhatsApp wasn’t going to ruin it, and it didn’t. It’s kept growing from 450 million monthly users a year ago to 700 million last month.

The Scary Alternative

More risky than Facebook not buying WhatsApp was what would happen if a competitor did.

Most obviously, Google could have used WhatsApp to jumpstart its late-to-the-game Hangouts messenger. Suddenly, Facebook would be battling a deep-pocketed competitor to replace SMS as the way the world chats.

Without it, Google has seemingly surrendered in the messaging war. Since WhatsApp runs independently, Facebook has been able to focus on its Messenger app in its home market, which has risen to a 500 million users.

IMG_8403WhatsApp has achieved massive popularity in the developing world where SMS fees are hard to swallow. That’s because discretionary income is less common, which also makes monetizing these users with ads difficult. That’s a problem for Facebook that WhatsApp can help solve. Through mobile payments that are widespread in places like Africa, WhatsApp could monetize where it’s tough for its parent.

And whether it stayed independent or sold to someone else, WhatsApp could have challenged Facebook’s iron grip on social networking. It’s not just chat. WhatsApp offers a status update feature reminiscent of AOL Instant Messenger’s away messages. But if you squint, those statuses look quite similar to what people post to the Facebook feed.

Since messaging is the core feature of mobile, WhatsApp could have wedged its way into becoming a full-fledged social network starting with statuses.

We won’t know for sure until WhatsApp starts bringing in serious revenue. But in the age of the desktop web, AOL and Yahoo grew huge by using their frequent use to become the portals to everything else. Messaging apps are the portals of mobile, and Facebook owns the biggest one.

Crazy like a fox.

Tagged , , , ,

WhatsApp Plus users suspended by official app for 24 hours

WhatsApp is imposing 24-hour lock-outs on people trying to access its service via an unauthorised Android app.

The Facebook-owned messaging service said that it had acted against users of WhatsApp Plus because of concerns that the program might cause private data to be leaked to third-parties.

The unofficial app offers extra ways to customise how conversations appear.

Experts say Android users should be cautious about where they download apps from.

WhatsApp recently reported it had 700 million users sending an average of 30 billion messages a day. It currently charges a $0.99 (65p) annual fee to users who sign up to the service after their first 12 months of using it.

“Our goal is always to keep WhatsApp fast and secure for the people who use it – it’s the most important thing we do,” said a spokesman for the firm.

“Third-parties that have built unauthorised functionality on top of WhatsApp create issues for people including lost messages.

“This goes against the experience we work hard to give people and we won’t let it continue. Starting today, we are taking aggressive action against unauthorised apps and alerting the people who use them.”

The effort coincides with the introduction of the ability to access WhatsApp from the Google Chrome web browser, as an alternative to the app. This will not, however, work on Apple’s iPhones or iPads.

Cease and desist letter

According to one app store, WhatsApp Plus had itself been downloaded more than 35 million times since its 2012 releases by a Spanish developer, who called himself Rafalense.

Security consultant Graham Cluley said that figure sounded “surprisingly high”, but acknowledged there was no independent way to verify it.

WhatsApp Plus’ own website appears to be offline at this time.

But the moderator of a development community, which had supported it, used Google Plus to indicate that work on the software would now be put on hold.

“We have received a cease and desist letter from WhatsApp and we are obligated to remove all download links and unfortunately delete this community,” he wrote.

“[I] am really sorry for this but it’s out of our hands and WhatsApp has pushed us into a corner that we can’t escape this time. It was a fun ride but it has come to an end.

“Deepest regards from Rafalense and me and all the WhatsApp Plus team for your support.”

Twenty-four hour bans

WhatsApp Plus offers a way to use colours and background images in chat conversations that are unavailable in the official app.

In addition, it allows users to increase the size limit on attached video and sound files and also lets them prevent others being able to see when they last logged into the service – a feature it used to charge a “donation” to unlock.

To access the features, smartphone owners must first uninstall the official WhatsApp app if it is already on their handsets.

Facebook is in turn urging people using WhatsApp Plus to delete it and install the official app via Google’s Play store. However, even if they do so, they are told they cannot access the service for further 24 hours because they violated its terms and conditions.

‘Maintaining control’

WhatsApp Plus was not available from Google Play – the Android developer’s own store – but was promoted on several smaller alternatives.

“People should be careful about third-party stores,” commented Dr Joss Wright from the Oxford Internet Institute.

“There are levels of quality control that are implemented by Google, which withdraws apps that are detected as being not completely legitimate, and indeed by Apple, which is incredibly restrictive about what it allows on the iOS store.

“Such apps could bring with them security bugs.”

But he added that Facebook also had other incentives to stop independent apps latching onto its WhatsApp platform.

“That could potentially prevent it from adding services later for an added cost,” he said.

“Or if it wants to add adverts later and ensure they are being served to the people who should be seeing them, then that it needs to maintain control and prevent the rules that it has set from being bypassed by third-party clients.”

Tagged , , , , ,