No Result
View All Result
  • Login
Sunday, July 3, 2022
Afternoon Voice
SUBSCRIBE
  • Home
  • Top News
  • City News
  • Nation
  • World
  • Business
  • Entertainment
    • Bollywood
    • Hollywood
  • Sports
    • Cricket
    • Hockey
    • Tennis
    • Football
    • Badminton
  • Editorial
  • Opinion
    • Column
    • Diary
    • Letters
  • Epaper
  • More
    • Editor’s Pick
    • Featured
    • Lifestyle
    • Different Strokes
    • Multimedia
    • Sci-Tech
    • Politics
No Result
View All Result
  • Home
  • Top News
  • City News
  • Nation
  • World
  • Business
  • Entertainment
    • Bollywood
    • Hollywood
  • Sports
    • Cricket
    • Hockey
    • Tennis
    • Football
    • Badminton
  • Editorial
  • Opinion
    • Column
    • Diary
    • Letters
  • Epaper
  • More
    • Editor’s Pick
    • Featured
    • Lifestyle
    • Different Strokes
    • Multimedia
    • Sci-Tech
    • Politics
No Result
View All Result
Afternoon Voice
No Result
View All Result
  • Home
  • Top News
  • City News
  • Nation
  • World
  • Business
  • Entertainment
  • Sports
  • Editorial
  • Opinion
  • Epaper
  • More

Home > Editorial > WhatsApp users’ needs to be careful but no app is immune to vulnerabilities

WhatsApp users’ needs to be careful but no app is immune to vulnerabilities

by Vaidehi Taman
April 13, 2021
in Editorial
A A
0
whatsapp, whatsapp app, cyber security, cybercrimes, signal aap, telegram, facebook
Image Courtesy: Picture Alliance/Getty Images

The maximum population of India uses smartphones and WhatsApp. This app has become their life. WhatsApp has become an inevitable communication mode. When Facebook took over WhatsApp, there were many rumours that WhatsApp was sharing some data with Facebook, including phone numbers and profile name, but this has been happening for years.

WhatsApp the messaging app doesn’t gather the content of your chats, but it does collect the metadata attached to them – such as the sender, the time a message was sent and who it was sent to. This can be shared with “Facebook companies”. Facebook’s highly disparaged data collection tenet has worn trust in the social network.

 When Facebook bought WhatsApp in 2014, it vowed to keep the two services separate. Yet only a few years later, Facebook announced aims to integrate the messaging systems of Facebook, Instagram and WhatsApp. This appears to have stalled owing to technical and regulatory difficulties about encoding, but it’s still the long-term plan.

All of sudden people not only felt cheated but they were scared of a data breach and switched to Signal, a secure messaging app, which has been the main beneficiary of the WhatsApp evacuation. Another messaging app, Telegram, has also qualified for an uptick in downloads, but Signal has been topping the charts on the Apple and Android app stores.

Signal aids from being the most similar to WhatsApp in terms of features, while Telegram has had problems as a secure and private messaging app, with its live location feature recently coming under fire for privacy breaches. Significantly, Telegram is not end-to-end encrypted by default, instead of storing your data in the cloud. The Signal is end-to-end encrypted, collects less data than Telegram and stores messages on your device rather than in the cloud.

Still, WhatsApp is used by millions of people, it is truly a dynamo when it comes to apps in general, let alone messenger ones specifically. With this level of success comes increased exposure to those who would do WhatsApp user’s harm. Those using WhatsApp on the iPhone were warned about a one-click attack risk earlier this year, for example. A reported “sharp rise” in WhatsApp security flaws across 2019 has even led to some reports of political staffers being advised to switch to contending secure messenger, Signal.

The fact is that no app is immune to security vulnerabilities; they are a fact of technological life. It’s the way those susceptibilities are dealt with that is vital. CVE-2020-1886 was a buffer-overflow problem in the WhatsApp for Android app, versions before v2.20.11 that could be caused by receiving and answering a malevolent video call.

CVE-2020-1889 affected the WhatsApp desktop client before v0.3.4932 and was an appreciation of privilege threat when combined with a remote code execution vulnerability to escape the system security sandbox. CVE-2020-1890 was another Android app problem, this time triggered by receipt of a malicious sticker message that could lead to privilege escalation once more.

CVE-2020-1891 was in both Android and iOS apps and involved the video call handler. All that’s publicly known is that it could impact confidentiality, integrity and availability. CVE-2020-1894 was a stack-overflow issue in Android and iOS apps that could allow for arbitrary code implementation triggered by a malicious push-to-talk message. Severity rating of vulnerability marked high

India’s cyber security agency, the Computer Emergency Response Team (CERT-In) recently issued an alert against multiple vulnerabilities in older versions of WhatsApp and WhatsApp Business for iOS. The severity rating of the vulnerability has been marked high. According to the alert issued by CERT-In, there were two critical vulnerabilities in WhatsApp and WhatsApp Business of iOS — an Improper Access Control vulnerability (CVE-2020-1908) and a User-After-Free vulnerability (CVE-2020-1909). These vulnerabilities have been disclosed by WhatsApp as part of its November update to its security advisories. The improper Access Control vulnerability can allow hackers to access WhatsApp even after a phone is locked. The vulnerability affects WhatsApp iOS versions prior to the v2.20.100.

The use-after-free in a logging library in WhatsApp can be exploited by a remote attacker “by sending a specially crafter animated sticker to the target while placing a WhatsApp video call on hold, resulting in several events occurring together. The CERT-In advisory suggests users install and update to the latest version of WhatsApp with security patches from the App Store. A high-severity vulnerability could allow cybercriminals to push malware or remotely execute code, using seemingly innocuous messages.

Security researchers have identified a JavaScript vulnerability in the WhatsApp desktop platform that could allow cybercriminals to spread malware, phishing or ransomware campaigns through notification messages that appear completely normal to unsuspecting users. And, further investigation shows this could be parlayed into remote code execution. More specifically, “The flaws leave users vulnerable to attacks by allowing both the text content and links in website previews to be tampered with to display false content and modified links that point to malicious destinations.


(Any suggestions, comments or dispute with regards to this article send us at feedback@afternoonvoice.com)

Tags: cyber securitySignalWhatsApp

Vaidehi Taman

Vaidehi an Accredited Journalist from Maharashtra is bestowed with three Honourary Doctorate in Journalism. Vaidehi has been an active journalist for past 16 years, and is also the founding editor of an English daily tabloid – Afternoon Voice, a Marathi web portal – Mumbai Manoos, monthly magazine Beyond The News, and The Democracy digital video news portal is her brain child. She is an EC Council Certified Ethical Hacker, OSCP offensive securities, Certified Security Analyst and Licensed Penetration Tester that caters to her freelance jobs. Besides journalism, she is also an Ethical Hacker, Philanthropist, and Author.

Recommended For You

Editorial

Eknath Shinde’s revolt has sparked a debate across India

June 24, 2022
uddhav, thackeray, uddhav thackeray, shiv sena, sena, varsha, eknath shinde, balasaheb, bal thackeray, balasaheb thackeray, aaditya, thackeray, maharashtra politics
Editorial

The 56th anniversary of Shiv Sena became a disastrous year for the party

June 23, 2022
nitin deshmukh, shiv sena, sena, uddhav, eknath shinde, shinde, mla, mlas, shiv sena mla, deshmukh, sena, maharashtra politics, maha, politics
Editorial

Shiv Sena MLA escapes from rebel camp with the horror of life

June 22, 2022
assam, flood, rain, assam floods, maharashtra, mumbai, rains
Editorial

India suffers floods and draughts every year

June 20, 2022
sri lanka, emergency, sri lankan government, sri lankan, facebook, twitter, whatsapp, emergency in sri lanka
Editorial

Technology can be sometimes in public jeopardy?

June 19, 2022
agnipath, agneepath, agnipath scheme, army scheme, army recruitment, army services, protest in india, protest over agnipath, agneepath scheme, indian army
Editorial

Army aspirants agitate over the Centre’s ‘Agnipath’ scheme

June 16, 2022
ADVERTISEMENT

LATEST

Aarey Colony, Biodiversity, Protest.

The opposition to the project was to save the metropolis’ biodiversity : Aaditya Thackeray 

July 3, 2022
Army Medical camp, Dal Lake, Medical camp, Jammu and Kashmir

Dal Lake: free medical camp organised by India army

July 3, 2022
rahul narvekar, speaker, maharashtra assembly, narvekar, shiv sena, eknath shinde, fadnavis, bjp, devendra fadnavis

Maharashtra state assembly elects Rahul as the new speaker with 164 votes

July 3, 2022
Maha Assembly, Eknath Shinde, devendra fadnavis

The Maha Assembly’s speaker election is begin to elect

July 3, 2022
pv sindhu, sindhu, tennis, badmington, sports, Tai Tzu Ying, Prannoy

Sindhu loses to nemesis Tai Tzu Ying, Prannoy also exits from Malaysia Open

July 1, 2022
ADVERTISEMENT
Afternoon Voice

© 2022 Newsmakers Publications Pvt. Ltd. | All rights reserved.

Important Links

  • Disclaimer
  • Privacy Policy
  • About Us
  • Contact Us
  • Support Parallel Media

Follow Us

No Result
View All Result
  • Home
  • Top News
  • City News
  • Nation
  • World
  • Business
  • Entertainment
    • Bollywood
    • Hollywood
  • Sports
    • Cricket
    • Hockey
    • Tennis
    • Football
    • Badminton
  • Editorial
  • Opinion
    • Column
    • Diary
    • Letters
  • Epaper
  • More
    • Editor’s Pick
    • Featured
    • Lifestyle
    • Different Strokes
    • Multimedia
    • Sci-Tech
    • Politics

© 2022 Newsmakers Publications Pvt. Ltd. | All rights reserved.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?