Meta Takes Down 8,000 Scam Ads to Stem “Celeb Bait” Scams with Australian Banks

Meta, the parent company of Facebook and Instagram, has removed around 8,000 “celeb bait” scam ads as part of a new collaboration with Australian banks. These scams often use images of famous personalities, many of which are created by artificial intelligence, to deceive people into investing in fake schemes.

Meta acted after receiving 102 reports since April from the Australian Financial Crimes Exchange, an intelligence-sharing platform led by major banks. These scams are a global issue, but Australia is putting additional pressure on Meta to address the problem, as Prime Minister Anthony Albanese’s government plans to introduce a new anti-scam law by the end of this year.

The proposed law could impose fines of up to A$50 million (around ₹280 crore) on social media, financial, and telecom companies that fail to control these scams. Public consultation for the law ends on October 4.

Scam reports in Australia have surged by nearly 20% in 2023, with total losses reaching A$2.7 billion (₹15,000 crore), according to the Australian Competition and Consumer Commission (ACCC). The ACCC previously sued Meta in 2022, accusing the company of not stopping fake cryptocurrency ads featuring celebrities like Mel Gibson, Russell Crowe, and Nicole Kidman. It estimated that 58% of cryptocurrency ads on Facebook could be scams. Meta is currently contesting the lawsuit, which has yet to go to trial.

In addition, Meta is facing another lawsuit from Australian billionaire Andrew Forrest. Forrest alleges that Meta allowed the spread of thousands of fake cryptocurrency ads on Facebook using his image. He claims Australians have continued to lose money to these scams since he first warned Meta in 2019.

David Agranovich, Meta’s Director of Threat Disruption, said that the initiative with Australian banks is still in its early stages but is showing promise. “A small amount of high-value information is helping us identify larger scam activities,” he said during a media briefing.

When asked about Australia’s proposed anti-scam law, Agranovich said Meta is still reviewing the draft and will share more details later. Rhonda Luo, the Head of Strategy at the Australian Financial Crimes Exchange, emphasized the importance of industry initiatives, saying, “It’s better to act early on scams rather than wait for regulations to take effect.”

WhatsApp’s critical bug found, fixed, re-install now, advises Meta

WhatsApp owner Meta has revealed that a critical bug in older installations has now been fixed and advised all users to update their devices to the latest software version.

It said the vulnerability could allow an attacker to exploit a code error known as an integer overflow. “An integer overflow in WhatsApp for Android prior to v2.22.16.12, Business for Android prior to v2.22.16.12, iOS prior to v2.22.16.12, Business for iOS prior to v2.22.16.12 could result in remote code execution in an established video call,” WhatsApp said in an update.

Remote code execution (RCE) typically results from malware that the host downloads; it can occur regardless of the device’s geographic location and lets an attacker run commands on someone else’s computing device from afar.

The recently disclosed vulnerability, tracked as CVE-2022-36934 with a severity score of 9.8 out of 10 on the CVSS scale, and another bug that could have caused remote code execution when receiving a crafted video file have both been patched in the latest WhatsApp version, the company said.

WhatsApp is also rolling out Call Links to make it easier to start and join a call in just one tap and is testing secured and encrypted group video calls for up to 32 people on WhatsApp.

Computer scientists address gap in messaging privacy

Researchers have developed a solution to a longstanding problem in the field of end-to-end encryption, a technique that ensures that only sender and recipient can read a message.

With current end-to-end encryption, if an attacker compromises a recipient’s device, they can then put themselves in a position to intercept, read and alter all future communications without sender or recipient ever knowing.

The new protocol, published in IEEE Transactions on Information Forensics and Security, forces attackers to leave evidence of any such activity and alerts users to take action.

Dr. Jiangshan Yu at the University of Luxembourg, Professor Mark Ryan at the University of Birmingham and Professor Cas Cremers at the University of Oxford were motivated by the discovery of mass software vulnerabilities, such as the Heartbleed bug, that leave the majority of devices open to compromise.

Dr Yu explained, “There are excellent end-to-end encryption services out there, but by definition they rely on your device itself remaining secure; once a device has been compromised there’s little we can do. That’s the problem we wanted to solve.”

Following Edward Snowden’s revelations about government mass surveillance, end-to-end encryption is now widely available through services such as Facebook’s WhatsApp. The approach uses pairs of cryptographic ‘keys’ for the sender to encrypt and the recipient to decrypt messages; anyone wanting to read your messages has to first hack into your phone to steal your latest keys. The attacker then performs a ‘man-in-the-middle’ (MITM) attack, for example by taking control of your Wi-Fi router to intercept your messages, and uses the stolen keys to impersonate you.

Current encryption protocols, such as the Signal protocol used by WhatsApp, make the most of the fact that a MITM attacker can only intercept messages sent via the compromised network. For example, as soon as you send a message via 3G rather than the compromised Wi-Fi, the attacker will no longer be able to act as an intermediary. They will lose track of the keys and be locked out of the conversation.

The solution, called DECIM (Detecting Endpoint Compromise in Messaging), addresses the question of what to do when the attacker is in a position to intercept all of your messages on a long-term basis. Both your Internet Service Provider and messaging service operator are in such positions – all your messages pass through their servers – so that if they obtained your keys, they would never be locked out of a conversation, and you would never know.

With DECIM, the recipient’s device automatically certifies new key pairs, storing the certificates in a tamper-resistant public ledger.

The team undertook a formal security analysis using a symbolic protocol verification tool, the ‘Tamarin prover’, which runs millions of possible attack situations, verifying DECIM’s capabilities. This is a rare step for a messaging protocol, and the same analysis for other protocols revealed several security flaws.

“There’s no silver bullet in the field of end-to-end encryption”, said Dr. Yu, “but we hope that our contribution can add an extra layer of security and help to level the playing field between users and attackers.”

Professor Mark Ryan, from the School of Computer Science at the University of Birmingham, said, “Our Security and Privacy group tries to solve problems that are important to society. Given the prevalence of cyber-attacks on phones and laptops, we are proud of this work on detecting when encryption keys have become compromised. Next, we intend to apply this work on detecting encryption key compromise to applications, for example in blockchain or in Internet-based voting.”