The Reuters agency revealed in exclusive that Alphabet Inc’s Google has suspended some business with Huawei after Trump’s ban on the telco giant.
The news a bomb, Google has suspended some business with Huawei after Trump’s ban on the Chinese
In November, The Wall Street Journal reported that the US Government is urging its allies to exclude Huawei from critical infrastructure and 5G architectures.
The United States is highlighting the risks for national security in case of adoption of Huawei equipment and is inviting internet providers and telco operators in allied countries to ban Huawei.
The decision is a blow to the Huawei and has a significant impact on its strategy.
Just on Thursday, President Trump added Huawei Technologies to a trade blacklist, but on Friday, the U.S. Commerce Department said it was considering to debunk the decision on the company to “prevent the interruption of existing network operations and equipment”.
“Alphabet Inc’s Google has suspended business with Huawei that requires the transfer of hardware, software and technical services except those publicly available via open source licensing.” reported the Reuters.
Google explained that there will be no impact on current owners of Huawei devices running Google software because they will continue to receive updates provided by the US firm.
“We are complying with the order and reviewing the implications,” said a Google spokesperson.
“For users of our services, Google Play and the security protections from Google Play Protect will continue to function on existing Huawei devices,”
Of course, the decision will disrupt the commercial activity of Chinese telco firm outside China. Everyone will buy a Huawei device will have no access to updates to Google Android and will have no access to Google services, including the Google Play Store and Gmail and YouTube apps.
Google confirmed that Huawei will only be able to use the public version of Android (Android Open Source Project (AOSP)), but the users of the Chinese giant will not be able to get access to proprietary apps and services from Google.
The Google decision could make it impossible for the Chinese company to sell its devices abroad and other companies could interrupt any trade with the company fearing repercussions.
Intel Corp, Qualcomm Inc, Xilinx Inc, and Broadcom Inc have already announced that they will not supply critical software and components to Huawei until further notice.
Is the Chinese giant ready to face this earthquake?
According to the company, it is already working to develop its own technology fearing a total block from US companies.
“Huawei has said it has spent the last few years preparing a contingency plan by developing its own technology in case it is blocked from using Android. Some of this technology is already being used in products sold in China, the company has said.” reported the Reuters.
“No matter what happens, the Android Community does not have any legal right to block any company from accessing its open-source license,”
March, Eric Xu, rotating chairman of Huawei, told to Reuters.
The post Google will block Huawei from using Android and its services appeared first on Security Affairs.
A bad software update causes big headaches for Dutch police, but brings temporary freedom to criminals. SIM swaps are in the news again as fraudsters steal millions. And does your cloud photo storage service have a dirty little secret?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Rip Off Britain’s David McClelland.
Messaging apps are a common form of digital communication these days, with Facebook’s WhatsApp being one of the most popular options out there. The communication platform boasts over 1.5 billion users – who now need to immediately update the app due to a new security threat. In fact, WhatsApp just announced a recently discovered security vulnerability that exposes both iOS and Android devices to malicious spyware.
So, how does this cyberthreat work, exactly? Leveraging the new WhatsApp bug, cybercriminals first begin the scheme by calling an innocent user via the app. Regardless of whether the user picks up or not, the attacker can use that phone call to infect the device with malicious spyware. From there, crooks can snoop around the user’s device, likely without the victim’s knowledge.
Fortunately, WhatsApp has already issued a patch that solves for the problem – which means users will fix the bug if they update their app immediately. But that doesn’t mean users shouldn’t still keep security top of mind now and in the future when it comes to messaging apps and the crucial data they contain. With that said, here are a few security steps to follow:
- Flip on automatic updates. No matter the type of application or platform, it’s always crucial to keep your software up-to-date, as fixes for vulnerabilities are usually included in each new version. Turning on automatic updates will ensure that you are always equipped with the latest security patches.
- Be selective about what information you share. When chatting with fellow users on WhatsApp and other messaging platforms, it’s important you’re always careful of sharing personal data. Never exchange financial information or crucial personal details over the app, as they can possibly be stolen in the chance your device does become compromised with spyware or other malware.
- Protect your mobile phones from spyware. To help prevent your device from becoming compromised by malicious software, such as this WhatsApp spyware, be sure to add an extra layer of security to it by leveraging a mobile security solution. With McAfee Mobile Security being available for both iOS and Android, devices of all types will remain protected from cyberthreats.
The post 3 Tips for Protecting Against the New WhatsApp Bug appeared first on McAfee Blogs.
Twitter confirmed revealed that a bug in its iOS app it the root cause for an inadvertent collection of location data and sharing it with a third-party.
A new story of a violation of the user’s privacy made the lines, Twitter revealed that due to a bug is collected and shared iOS location data with a
Fortunately, only one partner of the micro-blogging firm was involved and the data collection and sharing occurred in certain circumstances.
“We have discovered that we were inadvertently collecting and sharing iOS location data with one of our trusted partners in certain circumstances.” reads the security advisory published by Twitter.
“Specifically, if you used more than one account on Twitter for iOS and opted into using the precise location feature in one account, we may have accidentally collected location data when you were using any other account(s) on that same device for which you had not turned on the precise location feature,”
Twitter admitted having failed into removing the location data from the information shared with the trusted advertising partner that was accessing it during real-time bidding process.
The company pointed out that location data its
Twitter did not share users’ handles or other unique account IDs, this means that it was impossible to link the identity of a specific user to a geographic location.
“The partner did not receive data such as your Twitter handle or other unique account IDs that could have compromised your identity on Twitter.” continues the announcement.
“This means that for people using Twitter for iOS who we inadvertently collected location information from, we may also have shared that information with a trusted advertising partner,”
Another good news is that the partner did not retain the data that was deleted “as part of their normal process.”
Twitter has already fixed the issue and notified the incident to all the impacted users, anyway it did not reveal the extent of the incident either for how long it shared the data with its partner.
“We invite you to check your privacy settings to make sure you’re only sharing the data you want to with us. We’re very sorry this happened. We recognize and appreciate the trust you place in us and are committed to earning that trust every day,” concludes Twitter.
The post Twitter inadvertently collected and shared iOS location data appeared first on Security Affairs.
Consumer spending on technology is forecast to reach $1.32 trillion in 2019, an increase of 3.5% over 2018. Consumer purchases of traditional and emerging technologies will remain strong over the 2018-2022 forecast period, reaching $1.43 trillion in 2022 with a five-year compound annual growth rate (CAGR) of 3.0%, according to IDC. Consumer purchases of traditional and emerging technologies will remain strong over the 2018-2022 forecast period, reaching $1.43 trillion in 2022 with a five-year compound … More
The post Consumer spending on technology to reach $1.32 trillion in 2019 appeared first on Help Net Security.
Facebook fixed a critical zero-day flaw in WhatsApp that has been exploited to remotely install spyware on phones by calling the targeted device.
Facebook has recently patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568, that has been exploited to remotely install spyware on phones by calling the targeted device.
WhatsApp did not name the threat actor exploiting the CVE-2019-3568, it described the attackers as an “advanced cyber actor” that targeted “a select number of users.”
“A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.” reads the description provided by Facebook.
The WhatsApp zero-day vulnerability is a buffer overflow issue that affects the WhatsApp VOIP stack. The flaw could be exploited by a remote attacker to execute arbitrary code by sending specially crafted SRTCP packets to the targeted mobile device.
Facebook fixed the issue with the release of WhatsApp for Android 2.19.134, WhatsApp Business for Android 2.19.44, WhatsApp for iOS 2.19.51, WhatsApp Business for iOS 2.19.51, WhatsApp for Windows Phone 2.18.348, and WhatsApp for Tizen 2.18.15. Any prior version of the popular instant messaging app is vulnerable. The company also implemented a server-side patch that was deployed at the end of last week.
The bad news is that experts are aware of attacks exploiting the WhatsApp zero-day to deliver surveillance software.
The surveillance software developed by NSO Group was used by government organizations worldwide to spy on human rights groups, activists, journalists, lawyers, and dissidents. Security experts have detected and analyzed some of the tools in its arsenals, such as the popular Pegasus spyware (for iOS) and Chrysaor (for Android). Chrysaor was used in targeted attacks against journalists and activists, mostly located in Israel, other victims were in Georgia, Turkey, Mexico, the UAE and other countries. Experts believe the Chrysaor espionage
In September, a report published by Citizen Lab revealed that the NSO Pegasus spyware was used against targets across 45 countries worldwide.
In November, Snowden warned of abuse of surveillance software that also had a role in the murder of the Saudi Arabian journalist Jamal Khashoggi.
Now The Financial Times described a scaring scenario in which attackers were able to exploit the WhatsApp zero-day vulnerability by just making a call to the target device via WhatsApp. The exploitation of the vulnerability doesn’t require the victim’s interaction. In fact, the victim does not need to answer for the vulnerability to be exploited, and it seems that after the attack there is no trace on the device of the malicious incoming calls.
The Financial Times cites the case of an unnamed attorney based in the United Kingdom that was targeted on May 12. The lawyer is involved in a lawsuit filed against NSO by individuals that were targeted with the surveillance software of the company.
“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” reads a briefing document note for journalists cited by BBC and other media outlets.
Of course, the NSO Group denied any support to government agencies that could have targeted the UK lawyer with its surveillance software.
“NSO would not, or could not, use its technology in its own right to target any person or organization, including this individual,” states NSO group.
The post WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware appeared first on Security Affairs.
Do you want to know which is the best encrypted messaging app out there and how it can protect your valuable data? This guide might be exactly what you’re looking for.
We compiled a list of useful encrypted apps because the struggle for keeping our data secure is fiercer than ever. Governments crave for it, companies seek access to it, and cyber criminals probably want it the most.
Many of you could believe that all the confidential data shared is safe via Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion. The recent events in which Facebook shared users’ private information with Cambridge Analytica in what seems to be one of the social network’s largest data breaches, should make us more aware of the importance of data privacy.
Check out this list of the best #encrypted messaging apps to protect your privacy & security:
Click To Tweet
Use this privacy and security guide to better secure your Facebook account.
Without end-to-end encryption, your conversations most likely will get into the hands of cyber criminals, and other malicious actors focused on stealing them.
To better understand how end-to-end encryption works, check out this infographic below:
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder, and LinkedIn engineer sums up the value of end-to-end encryption in a great blogpost:
Although encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison between different types of data encryption is also useful to explain the difference between the widely used encryption in transit and the more secure end-to-end encryption process:
Source: Martin Kleppmann’s personal blog
The most secure messaging apps
Since 2016, WhatsApp has enabled and implemented end-to-end encryption, so users can enjoy a more secure communication. With more than 1.5 billion users, the platform has been acquired by Facebook and offers a free app to small-to-medium sized and enterprise businesses alike.
Security-wise, encryption enhances communication privacy and protects users’ messages from impostors or malicious actors. While security flaws may appear, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
App cost: FREE
Since 2017 its corporate name has been Rakuten Viber and is currently based in Luxembourg.
This private chat app has plenty of useful features in order to offer users high-quality calling experience and all of them are secured, so the information shared is protected along the way with the end-to-end encryption system.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
App cost: FREE
Users: More than 900 million registered users
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
App cost: FREE
Users: over 700 million
Similar to other messaging apps, Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. For users who want more privacy, they can turn on “Secret Chats” from the app’s advanced settings. Read more details about this feature:
“And when you delete messages on your side of the conversation, the app on the other side of the secret chat will be ordered to delete them as well.
You can order your messages, photos, videos and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then disappear from both your and your friend’s devices.”
All secret chats in Telegram are device-specific and are not part of the Telegram cloud, meaning that you can only access messages in a secret chat from their device of origin. If your device is safe, your secret chats are safe as well.
App cost: FREE
Users: Over 200 million active users
This feature offers users the option of securing messages with end-to-end encrypted chatting option. However, KakaoTalk’s default chat mode is not end-to-end encrypted, so you’ll have to enable it.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
App cost: FREE
Users: Over 220 million registered
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core of the company’s products. When Twitter acquired it in 2011, the goal was to improve the security in the microblogging platform.
Its encryption engine is open source, which means is available for everyone to inspect.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
Recently, the app received a $50 million investment from the WhatsApp co-founder Brian Acton which is supporting the non-profit Signal Foundation’s mission of “making private communication accessible and ubiquitous”.
Signal is also WIRED’s secure messaging recommendation to use it because “it’s free, it works on every mobile platform, and the developers are committed to keeping it simple and fast by not mucking up the experience with ads, web-tracking, stickers, or animated poop emoji.”
App cost: FREE
“You can erase your messages off other people’s phones. No messages are permanently stored on phones or servers. Messages are heavily encrypted and not accessible to anyone, even us.”
What Dust is trying to create is a social communication platform with enhanced security and privacy, by using a combination of AES 128 and RSA 248 encryption.
App cost: FREE for both Android and iOS platforms
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Threema app has a “Private Chats” feature that can help users protect individual chats with a PIN code. This way, confidential chats are protected from malicious actors.
Another great thing about this app is the QR code and key fingerprint available for user verifications to prevent man-in-the-middle attacks.
App cost: 2,99 EUR
This app is open source and doesn’t require a phone number or email address to register. Built with privacy in mind, Wickr I does not collect data or have access to users’ data.
This page dedicated to the encryption standard used in Wickr is extremely useful for those who want to understand how end-to-end encryption works.
The company’s Chief Technical Officer explains on the blog how Cyphr works in plain terms, so we recommend reading this section before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Cyphr is a zero-knowledge messaging app, which means that your private messages cannot be read, shared or decrypted but third-parties.
Although it doesn’t have desktop or web apps yet, Cyphr is worth a try.
App cost: FREE
By using it, you can also make encrypted voice calls, without any records on your phone bill. The app also includes a private vault feature for extra security so you can use to store your files in and hide videos, photos, passwords and any files.
App cost: FREE
Is another messaging app that focuses on keeping your messages safe, using encryption for text messages over the air and on your phone. Similar with Signal and Wickr Me apps, it is open source and free.
Formerly known as SMSecure, Silence app has a simple and friendly interface and uses encrypted SMS messages with no Internet connection required.
App cost: FREE
Download it from Google Play Store
13. Pryvate Now
Whether you are an Android or iOS user, you can freely start chatting and messaging with Pryvate app.
In 2015 it won the award for “Best Business – Best Mobile App” and ensures your communications are encrypted and fully secured.
This messaging app offers world-class RSA 4096-bit encryption technology and involves NO servers or middleman for communications, so users can enjoy direct communications with their colleagues, friends or family.
It includes a “Self Destruct” feature which lets you delete all your messages sent on recipients device at any time.
This small mobile messaging app uses end-to-end encryption technology for every text, image, and voice you are sending to one of your friends or colleagues, so no stranger can read it.
Surespot app doesn’t share any data about you and transfers your conversations securely to other devices. This guide can show how the app works and how can you protect all your mobile messages.
It worths knowing that it does not require or store your data.
Here’s another great encrypted messaging app that is worth a try. Unlike other services out there, it offers end-to-end encryption by default to secure your conversations, files and images, text files and more.
It is open source and collaborative platform, and has plenty of useful features: fully encrypted video calls, secure file sharing, synced between devices and others. Wire has a free version for personal use ( after creating an account) and paid one for organizations (large enterprises).
It works on all popular platforms: Windows, Android, iOS, macOS, Linux, and different browsers (Chrome, Firefox, Edge, Opera).
More to come
This list isn’t complete, so we believe we’ll update it soon.
If you have any encrypted messaging apps that should be on this list to add, do let us know, or leave a comment below, and we’ll be happy to include them.
Until then, remember that popular apps like Twitter, Instagram, Snapchat or Facebook Messanger don’t use end-to-end encryption, so your conversations and files may not be fully secured. If you are a Skype user like me, you should know that the company has introduced end-to-end encryption at the beginning of 2018.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpful.
We’re living in a digital world where security and privacy matter more than ever. If you are concern about your data and value privacy, then it’s a must to use one of these encryption messaging apps to better secure them from spies, hackers or any other malicious actors.
INSTALL IT, FORGET IT AND BE PROTECTEDDownload Thor FREE
This article was initially written by Andra Zaharia in June 2016, and updated by Ioana Rijnetu in June 2018.
The post The Best Encrypted Messaging Apps You Should Use Today [Updated 2019] appeared first on Heimdal Security Blog.
What’s the worst that can happen if you join a Hollywood hard man’s Facebook page? What drove a man to hijack a website’s name at gunpoint? And can you solve the mystery of the Canadian Hamburglar?
Find out in the award-winning “Smashing Security” podcast with Graham Cluley, Carole Theriault, and special guest Mark Stockley from Naked Security.
Phishing scams have become incredibly popular these days. Cybercriminals have upped the ante with their tactics, making their phishing messages almost identical to the companies they attempt to spoof. We’ve all heard about phishing emails, SMiShing, and voice phishing, but cybercriminals are turning to social media for their schemes as well. Last week, the “Nasty List” phishing scam plagued Instagram users everywhere, leading victims to fake login pages as a means to steal their credentials. Now, cybercriminals are capitalizing on the success of the “Nasty List” campaign with a new Instagram phishing scam called “The HotList.”
This scam markets itself as a collection of pictures ranked according to attractiveness. Similar to the “Nasty List,” this scheme sends messages to victims through hacked accounts saying that the user has been spotted on this so-called “hot list.” The messages claim to have seen the recipient’s images on the profile @The_HotList_95. If the user goes to the profile and clicks the link in the bio, they are presented with what appears to be a legitimate Instagram login page. Users are tricked into entering their login credentials on the fake login pages, whose URL typically ends in .me domains. Once the cybercriminals acquire the victim’s login, they are able to use their account to further spread the campaign.
Images courtesy of Bleeping Computer.
Luckily, there are steps users can take to help ensure that their Instagram account stays secure:
- Be skeptical of messages from unknown users. If you receive a message from someone you don’t know, it’s best to ignore the message altogether or block the user. And if you think a friend’s social media account has been compromised, look out for spelling mistakes and grammatical errors in their message, which are common indicators of a potential scam at play.
- Exercise caution when inspecting links sent to your messages. Always inspect a URL before you click on it. In the case of this scam, the URL that appears with the fake login page is clearly incorrect, as it ends in .me.
- Reset your password. If your account was hacked by “The HotList” but you still have access to your account, reset your password to regain control of your page.
Free apps have a lot of appeal for users. They don’t cost a cent and can help users complete tasks on-the-go. However, users should take precautions before installing any app on their device. Researchers here at McAfee have observed some Android apps using extremely deceptive techniques to try and trick users into signing up for a very expensive service plan to use basic tool functionalities like voice recording and opening zip files.
The two apps being called into question, “Voice recorder free” and “Zip File Reader,” have been downloaded over 600,000 times combined. So at first glance, users may assume that these are reputable apps. Once installed, they offer the user an option to use a “Free trial” or to “Pay now.” If the user selects the trial version, they are presented with a subscription page to enter their credit card details for when the three-day trial is over. However, these apps charge a ridiculously high amount once the trial is up. “Voice recorder free” charges a whopping $242 a month and “Zip File Reader” charges $160 a week.
Users who have downloaded these apps and then deleted them after their free trial may be surprised to know that uninstalling the app will not cancel the subscription, so they could still be charged these astronomical amounts for weeks without realizing it. While this is not technically illegal, it is a deceptive tactic that app developers are using to try to make an easy profit off of consumers who might forget to cancel their free trial.
With that said, there are a few things users can do to avoid becoming victim to deceptive schemes such as these in the future. Here are some tips to keep in mind when it comes to downloading free apps:
- Be vigilant and read app reviews. Even if an app has a lot of downloads, make sure to comb through all of the reviews and read up before downloading anything to your device.
- Read the fine print. If you decide to install an app with a free trial, make sure you understand what fees you will be charged if you keep the subscription.
- Remember to cancel your subscription. If you find a reputable free app that you’ve researched and want to use for a trial period, remember to cancel the subscription before uninstalling the app off your device. Instructions on canceling, pausing, and changing a subscription can be found on Google Play’s Help page.
The post Basic Android Apps Are Charging High Subscription Fees With Deceptive Tactics appeared first on McAfee Blogs.
FaceTime is a popular way for people of all ages to connect with long-distance loved ones. The feature permits Apple users to video chat with other device owners from essentially anywhere at any time. And now, a bug in the software takes that connection a step further – as it permits users calling via FaceTime to hear the audio coming from the recipient’s phone, even before they’ve accepted or denied the call.
Let’s start with how the eavesdropping bug actually works. First, a user would have to start a FaceTime video call with an iPhone contact and while the call is dialing, they must swipe up from the bottom of the screen and tap “Add Person.” Then, they can add their own phone number to the “Add Person” screen. From there, the user can start a group FaceTime call between themselves and the original person dialed, even if that person hasn’t accepted the call. What’s more – if the user presses the volume up or down, the victim’s front-face camera is exposed too.
This bug acts as a reminder that these days your smartphone is just as data rich as your computer. So, as we adopt new technology into our everyday lives, we all must consider how these emerging technology trends could create security risks if we don’t take steps to protect our data.
Therefore, it’s crucial all iOS users that are running iOS 12.1 or later take the right steps now to protect their device and their data. If you’re an Apple user affected by this bug, be sure to follow these helpful security steps:
- Update, update, update. Speaking of fixes – patches for bugs are included in software updates that come from the provider. Therefore, make sure you always update your device as soon as one is available. Apple has already confirmed that a fix is underway as we speak.
- Be sure to disable FaceTime in iOS settings now. Until this bug is fixed, it is best to just disable the feature entirely to be sure no one is listening in on you. When a fix does emerge from Apple, you can look into enabling the service again.
- Apply additional security to your phone. Though the bug will hopefully be patched within the next software update, it doesn’t hurt to always cover your device with an extra layer of security. To protect your phone from any additional mobile threats coming its way, be sure to use a security solution such as McAfee Mobile Security.
The post Apple Users: Here’s What to Do About the Major FaceTime Bug appeared first on McAfee Blogs.