Facebook, WhatsApp Will Have to Share Messages With U.K.

By: sikur

Social media platforms based in the U.S. including Facebook and WhatsApp will be forced to share users’ encrypted messages with British police under a new treaty between the two countries, according to a person familiar with the matter.

The accord, which is set to be signed by next month, will compel social media firms to share information to support investigations into individuals suspected of serious criminal offenses including terrorism and pedophilia, the person said.

Priti Patel, the U.K.’s home secretary, has previously warned that Facebook’s plan to enable users to send end-to-end encrypted messages would benefit criminals, and called on social media firms to develop “back doors” to give intelligence agencies access to their messaging platforms.

“We oppose government attempts to build backdoors because they would undermine the privacy and security of our users everywhere,” Facebook said in a statement. “Government policies like the Cloud Act allow for companies to provide available information when we receive valid legal requests and do not require companies to build back doors.”

The U.K. and the U.S. have agreed not to investigate each other’s citizens as part of the deal, while the U.S. won’t be able to use information obtained from British firms in any cases carrying the death penalty.
Details of the accord were reported earlier by the Times.

— With assistance by Kurt Wagner

(Adds Facebook’s comment in fourth paragraph.)
Source: https://www.bloomberg.com/news/articles/2019-09-28/facebook-whatsapp-will-have-to-share-messages-with-u-k-police

Facebook admits it listened to and transcribed users' audio

By: Louise Rodrigues

After controversies involving Apple and Amazon, Facebook gave assurances that it has halted the transcription program

Facebook admitted on Tuesday (13th) that it paid contractors to transcribe audio sent by users of its services. According to the Bloomberg news agency, the contractors listened to all kinds of conversations, even without information about how the audio had been obtained or where it had been recorded. After controversies involving Siri and Alexa, the virtual assistants of the iPhone and the Amazon Echo, the program is said to have stopped.

Facebook, however, claimed that the only users whose conversations were intruded upon were those who had opted, in the Messenger app, to have their audio transcribed. The aim was therefore to verify that the software was able to interpret the words correctly. Despite this, the spokesperson guaranteed the users' anonymity.

More: https://www.techtudo.com.br/noticias/2019/08/facebook-admite-que-ouviu-e-transcreveu-audio-de-usuarios.ghtml

Facebook Plans on Backdooring WhatsApp

By: Bruce Schneier

This article points out that Facebook’s planned content moderation scheme will result in an encryption backdoor into WhatsApp:

In Facebook’s vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. These algorithms will be continually updated from a central cloud service, but will run locally on the user’s device, scanning each cleartext message before it is sent and each encrypted message after it is decrypted.

The company even noted that when it detects violations it will need to quietly stream a copy of the formerly encrypted content back to its central servers to analyze further, even if the user objects, acting as true wiretapping service.

Facebook’s model entirely bypasses the encryption debate by globalizing the current practice of compromising devices by building those encryption bypasses directly into the communications clients themselves and deploying what amounts to machine-based wiretaps to billions of users at once.

Once this is in place, it’s easy for the government to demand that Facebook add another filter — one that searches for communications that they care about — and alert them when it gets triggered.

Of course alternatives like Signal will exist for those who don’t want to be subject to Facebook’s content moderation, but what happens when this filtering technology is built into operating systems?

More: https://www.schneier.com/blog/archives/2019/08/facebook_plans_.html

WhatsApp discovers ‘targeted’ surveillance attack

By: Dave Lee

Hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in messaging app WhatsApp, it has been confirmed.

WhatsApp, which is owned by Facebook, said the attack targeted a “select number” of users, and was orchestrated by “an advanced cyber-actor”.

A fix was rolled out on Friday.

On Monday, WhatsApp urged all of its 1.5 billion users to update their apps as an added precaution.

The attack was developed by Israeli firm NSO Group, according to a report in the Financial Times.

Facebook first discovered the flaw in WhatsApp earlier in May.

WhatsApp promotes itself as a “secure” communications app because messages are end-to-end encrypted, meaning they should only be displayed in a legible form on the sender or recipient’s device.

However, the surveillance software would have let an attacker read the messages on the target’s device.

“Journalists, lawyers, activists and human rights defenders” are most likely to have been targeted, said Ahmed Zidan from the non-profit Committee to Protect Journalists.

How do I update WhatsApp?

Android

  • Open the Google Play store
  • Tap the menu at the top left of the screen
  • Tap My Apps & Games
  • If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open
  • If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version
  • The latest version of WhatsApp on Android is 2.19.134

iOS

  • Open the App Store
  • At the bottom of the screen, tap Updates
  • If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open
  • If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version
  • The latest version of WhatsApp on iOS is 2.19.51

How was the security flaw used?

It involved attackers using WhatsApp’s voice calling function to ring a target’s device. Even if the call was not picked up, the surveillance software would be installed, and, the FT reported, the call would often disappear from the device’s call log.

WhatsApp told the BBC its security team was the first to identify the flaw, and shared that information with human rights groups, selected security vendors and the US Department of Justice earlier this month.

“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” the company said on Monday in a briefing document note for journalists.

More: https://www.bbc.com/news/technology-48262681

BEWARE – New ‘Creative’ Phishing Attack You Really Should Pay Attention To

By: Mohit Kumar

A cybersecurity researcher who last month warned of a creative phishing campaign has now shared details of a new but similar attack campaign with The Hacker News that has specifically been designed to target mobile users.

Just like the previous campaign, the new phishing attack is based on the idea that a malicious web page could mimic the look and feel of the browser window to trick even the most vigilant users into giving away their login credentials to attackers.

Antoine Vincent Jebara, co-founder and CEO of password managing software Myki, shared a new video with The Hacker News, demonstrating how attackers can reproduce native iOS behavior, browser URL bar and tab switching animation effects of Safari in a very realistic manner on a web-page to present fake login pages, without actually opening or redirecting users to a new tab.

New Phishing Attack Mimics Mobile Browser Animation and Design

As you can see in the video, a malicious website that looks like Airbnb prompts users to authenticate using Facebook login, but upon clicking, the page displays a fake tab switching animation video aimed to trick users into thinking that their browsers are behaving normally.

“The Facebook login page is also definitely fake and is an overlay over the current page that makes it look like an authentic Facebook page,” Jebara said.

“From the moment a user accesses the malicious website, they are manipulated into performing actions that seem legitimate, all with the purpose of building up their confidence to submit their Facebook password at the final stage of the attack.”

If users are not very attentive to details and fail to spot minor differences, they would eventually end up filling the username and password fields on the phishing page, resulting in giving away their social media credentials to the attackers.

More: https://thehackernews.com/2019/03/ios-mobile-phishing-attack.html?m=1

Private messages from 81,000 hacked Facebook accounts for sale

By: Andrei Zakharov

Hackers appear to have compromised and published private messages from at least 81,000 Facebook users’ accounts.

The perpetrators told the BBC Russian Service that they had details from a total of 120 million accounts, which they were attempting to sell, although there are reasons to be sceptical about that figure.

Facebook said its security had not been compromised.

And the data had probably been obtained through malicious browser extensions.

Facebook added it had taken steps to prevent further accounts being affected.

The BBC understands many of the users whose details have been compromised are based in Ukraine and Russia. However, some are from the UK, US, Brazil and elsewhere.

The hackers offered to sell access for 10 cents (8p) per account. However, their advert has since been taken offline.

“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” said Facebook executive Guy Rosen.

“We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”

Intimate correspondence

The breach first came to light in September, when a post from a user nicknamed FBSaler appeared on an English-language internet forum.

“We sell personal information of Facebook users. Our database includes 120 million accounts,” the user wrote.

The cyber-security company Digital Shadows examined the claim on behalf of the BBC and confirmed that more than 81,000 of the profiles posted online as a sample contained private messages.

Data from a further 176,000 accounts was also made available, although some of the information – including email addresses and phone numbers – could have been scraped from members who had not hidden it.

The BBC Russian Service contacted five Russian Facebook users whose private messages had been uploaded and confirmed the posts were theirs.

One example included photographs of a recent holiday, another was a chat about a recent Depeche Mode concert, and a third included complaints about a son-in-law.

More: https://www.bbc.co.uk/news/amp/technology-46065796

Cybersecurity Firm Finds Way to Alter WhatsApp Messages

By: Daisuke Wakabayashi

SAN FRANCISCO — A cybersecurity company said it had discovered a flaw in WhatsApp, the Facebook-owned messaging service with 1.5 billion users, that allows scammers to alter the content or change the identity of the sender of a previously delivered message.

By creating a hacked version of the WhatsApp application, scammers can change a “quote” — a feature that allows people within a chat to display a past message and reply to it — to give the impression that someone sent a message they did not actually send, according to the company, Check Point Software Technologies.

WhatsApp acknowledged that it was possible for someone to manipulate the quote feature, but the company disagreed that it was a flaw. WhatsApp said the system was working as it had intended, because the trade-offs to prevent such a deception by verifying every message on the platform would create an enormous privacy risk or bog down the service. The company said it worked to find and remove anyone using a fake WhatsApp application to spoof the service.

“We carefully reviewed this issue and it’s the equivalent of altering an email,” Carl Woog, a spokesman for WhatsApp, said in a statement. What Check Point discovered had nothing to do with the security of WhatsApp’s so-called end-to-end encryption, which ensures only the sender and recipient can read messages, he said.

WhatsApp has 1.5 billion users on its platform, making it the world’s most widely used messaging app. It has gained popularity for the simplicity and security of its service, providing encryption so that even the company does not know the content of its users’ messages. Facebook acquired WhatsApp in 2014 for $19 billion.

But it has come under fire in recent months for the spread of misinformation on its platform. In India, false rumors about child kidnappers circulating through WhatsApp led to mob violence. In Brazil, false stories about deadly reactions to vaccines for the yellow fever spread over the messaging service.

More: https://www.nytimes.com/2018/08/07/technology/whatsapp-security-concern.html

Facebook and Google use ‘dark patterns’ around privacy settings, report says

By: BBC NEWS Technology

Facebook, Google and Microsoft push users away from privacy-friendly options on their services in an “unethical” way, according to a report by the Norwegian Consumer Council.

It studied the privacy settings of the firms and found a series of “dark patterns”, including intrusive default settings and misleading wording.

The firms gave users “an illusion of control”, its report suggested.

Both Google and Facebook said user privacy was important to them.

The report – Deceived by Design – was based on user tests which took place in April and May, when all three firms were making changes to their privacy policies to be in compliance with the EU’s General Data Protection Regulation (GDPR).

Illusion

It found examples of

  • privacy-friendly choices being hidden away
  • take-it-or-leave it choices
  • privacy-intrusive defaults with a longer process for users who want privacy-friendly options
  • some privacy settings being obscured
  • pop-ups compelling users to make certain choices, while key information is omitted or downplayed
  • no option to postpone decisions
  • threats of loss of functionality or deletion of the user account if certain settings not chosen

For example, Facebook warns anyone who wishes to disable facial recognition that doing so means that the firm “won’t be able to use this technology if a stranger uses your photo to impersonate you”.

The report concluded that users are often given the illusion of control through their privacy settings, when they are not getting it.

“Facebook gives the user an impression of control over use of third party data to show ads, while it turns out that the control is much more limited than it initially appears,” the report said.

More: https://www-bbc-co-uk.cdn.ampproject.org/c/s/www.bbc.co.uk/news/amp/technology-44642569

Facebook Is Patenting Technology to Spy on You Through Your Smartphone Camera and Microphone

By: Minda Zetlin

Is Facebook using your computer camera to read your facial expressions and determine how you feel about what you see on your screen? Is it using your phone’s microphone to eavesdrop on you and find out what television programs you watch? Is it tracking your phone’s location in the middle of the night to find out where you live?

Maybe not, or at least not yet. But the company has applied for patents to do all these things, and many others, all of them intended to study your behavior and personality and even predict your future, in order to better serve Facebook’s customers. You may think that’s you, but it’s actually Facebook’s advertisers, which account for 99 percent of its revenue.

Sahil Chinoy, a graphics editor for The New York Times, recently reviewed hundreds of Facebook’s patent applications and appropriately dubbed many of them “creepy.” Here are four of the creepiest:

1. A patent for using your device’s front facing camera to read your facial expressions and determine how you feel about what you see on the screen.

2. A patent for using your phone’s microphone to eavesdrop on you, determining which television programs you’re watching and whether the ads are muted. It would also use the electrical signals emitted by your television to identify programs.

3. A patent that would track your weekly routine. It might also use your phone’s location in the middle of the night to try to determine where you live (or at least sleep).

4. A patent that would use your posts and messages–and credit card transactions–to predict your major life events, such as a birth, marriage, graduation, or death. Advertisers particularly value knowing when such events might occur soon.

Does all this make the little hairs on the back of your neck stand on end? Not to worry, says Facebook VP Allen Lo, head of intellectual property. “Most of the technology outlined in these patents has not been included in any of our products, and never will be,” he told the Times in an email.

But, any way you look at it, that’s not a comforting response. Applying for a patent isn’t a quick or easy matter. It typically involves tens of thousands of dollars worth of attorney’s fees. It’s certainly true that companies sometimes patent a concept in anticipation that either they will be sued by a company using similar technology or will themselves initiate a lawsuit someday. But there’s simply no reason for Facebook to go to the time and expense of patenting all these sophisticated and invasive methods of data collection unless it plans to use them or at least thinks it might use them someday. Whether it ever uses these precise technologies, the company clearly intends to gain ever more precise information about its members and nonmembers so as to sell that info to those who can make use of it, or help advertisers more perfectly target their ads.

Facebook has repeatedly said it gives users total control over the information they voluntarily share with the platform. When pressed, Facebook CEO Mark Zuckerberg admitted to Congress that the company gathers “shadow profiles” on non-Facebook users–but insisted that it is simply tracking publicly available data.

But what about data Facebook collects, or may collect in the future, by spying on users through their cameras or listening through their smartphone microphones? Will it ask people to opt in before it begins gathering information this way? It’s hard to imagine even the most hard-core Facebook user giving permission for practices like these.

Can we trust Facebook not to do this stuff without asking permission first?

More: https://www.inc.com/minda-zetlin/facebook-patents-spying-smartphone-camera-microphone-privacy.html

Facebook Collected Your Android Call History and SMS Data For Years

By: Swati Khandelwal

Facebook knows a lot about you, your likes and dislikes—it’s no surprise.

But did you know that if you have installed the Facebook Messenger app on your Android device, there is a chance that the company had been collecting your contacts, SMS, and call history data at least until late last year?

A tweet from Dylan McKay, a New Zealand-based programmer, which received more than 38,000 retweets (at the time of writing), showed how he found his year-old data—including complete logs of incoming and outgoing calls and SMS messages—in an archive he downloaded (as a ZIP file) from Facebook.

Facebook had been collecting this data on its users for the last few years, which was even reported earlier in the media, but the story did not get much attention at that time.

Since Facebook had been embroiled in controversies over its data sharing practices after the Cambridge Analytica scandal last week, tweets from McKay went viral and have now fueled the never-ending privacy debate.

A Facebook spokesperson explained that, since almost all social networking sites have been designed to make it easier for users to connect with their friends and family members, Facebook also uploads its users’ contacts to offer the same.

As Ars reported, in older versions of Android, when permissions were a lot less strict, the Facebook app obtained the contacts permission at installation time, which allowed the company to access call and message data automatically.

Eventually, Google changed the way Android permissions worked in version 16 of its API, making them clearer and more granular by informing users whenever any app tries to execute permissions.

More: https://thehackernews.com/2018/03/facebook-android-data.html