Tuesday 30 August 2016

How to stop WhatsApp sharing my data with Facebook?

In an effort to improve targeted advertisements on the social network, WhatsApp now shares your mobile phone number with Facebook. WhatsApp will now pass users' information on to its parent company, Facebook.

This major change was announced on WhatsApp's official blog. WhatsApp claims the changes will make the experience better for its users. It clarified that users' encrypted messages will remain private and that WhatsApp won't post, sell, share, or give your phone number to advertisers.
But despite these assurances, you might still not be comfortable passing your mobile number to Facebook.


How to stop it?

If you are an existing user as of August 25, 2016, WhatsApp allows you to decide whether Facebook should send you targeted ads and product experiences.

1) Just Go To > Accounts > Share my account info - Remove the tick

2) Tap on Don't share..!!




If you choose to opt out, Facebook will no longer be able to suggest friends or improve the ads you see based on your WhatsApp number.

According to WhatsApp, this option is also available within the app settings on Android for 30 days after you accept the new privacy policy and terms.

FBI-owned Megaupload.com presents soft porn

The US Government seized several domain names belonging to Kim Dotcom's file hosting service. They had a case against the Megaupload domain, and it was brought down half a decade ago. However, the FBI authorities have not taken the necessary steps to keep it secured, and recently it was found that Megaupload.org links to a soft porn portal.
Over the span of 5 years, only a little progress has been made legally. The US government controls most of the company's assets, which include a dozen other domains such as Megastuff.co, Megaclicks.org, Megaworld.mobi, Megaupload.com, Megaupload.org, and Megavideo.com.
For years, a banner was displayed stating that the domain had been seized as part of a criminal investigation. However, two days ago, all the domains, including megaupload.org, megastuff.co, megaclicks.org and megaworld.mobi, began showing a site dedicated to soft porn advertisements. It was surprising to find that the administrative and technical contact for all these domains was the FBI's internal team, since they had seized them.

What made this happen?
The FBI used a domain named Cirfu.net, since expired, for their nameservers. After Cirfu.net expired, someone else bought that domain name and pointed Megaupload.com at scam ads. The U.S. government authorities fixed this by taking down the nameservers altogether, but some of the seized domains were left untouched.
The Cirfu.net domain expired once again a few weeks ago, when it was picked up by an outsider who parked it at Rook Media to rake in some cash from the FBI-controlled domains.
The WHOIS data clearly indicates that Megaupload.org still uses the old Cirfu.net nameservers, which means that an outsider is now able to control several of the 'hijacked' Megaupload domain names.
Not many visitors have been observed on the 'hijacked' domains, but it is embarrassing to have them linked to ads and soft porn. Kim Dotcom reacted to this incident, stating: “Their handling of the Megaupload domain is a reflection of the entire case: Unprofessional.”
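
The root cause above is a delegation that still points at nameservers under a domain the owner no longer holds. As an added example (not part of the original post), the Python script below audits a domain portfolio for that condition. All domain names, dates and function names are constructed for illustration, and the nameserver lists are assumed to have been exported from WHOIS/DNS beforehand.

```python
from datetime import date

# Constructed sample data (reserved .example names, not real WHOIS/DNS output).
# Domain -> nameserver hosts it is delegated to.
DELEGATIONS = {
    "seized-a.example": ["ns1.oldns.example", "ns2.oldns.example"],
    "portal-b.example": ["ns1.corp-dns.example", "ns2.corp-dns.example"],
    "archive-c.example": ["ns1.corp-dns.example", "ns1.formervendor.example"],
}
# Domains the organization has registered -> registration expiry date.
OWNED = {
    "corp-dns.example": date(2019, 1, 1),
    "oldns.example": date(2016, 9, 10),
}

def ns_parent(host):
    """Registrable domain of a nameserver host. Assumes a one-label TLD;
    use a Public Suffix List library for names such as example.co.uk."""
    return ".".join(host.rstrip(".").lower().split(".")[-2:])

def audit(delegations, owned, today, warn_days=60):
    """Return sorted (domain, nameserver, problem) findings."""
    findings = []
    for domain, hosts in delegations.items():
        for host in hosts:
            expiry = owned.get(ns_parent(host))
            if expiry is None:
                problem = "nameserver domain not in our registrations"
            elif expiry < today:
                problem = "nameserver domain registration expired"
            elif (expiry - today).days <= warn_days:
                problem = "nameserver domain expires within %d days" % warn_days
            else:
                continue  # delegation points at a domain we hold and that is current
            findings.append((domain, host, problem))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(DELEGATIONS, OWNED, today=date(2016, 8, 30)):
        print("%s -> %s: %s" % finding)
```

Nameservers run by a third-party DNS provider will show up as "not in our registrations"; those findings need a manual check that the provider still serves the zone.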

Sunday 28 August 2016

Corporate espionage with iOS Zero-day vulnerabilities

Recently, a very sophisticated and targeted mobile attack on iOS using three zero-day vulnerabilities was discovered. The attacker can exploit 3 zero-day vulnerabilities (CVE-2016-4655, CVE-2016-4656, CVE-2016-4657) to silently jailbreak an iOS device and stealthily spy on victims, collecting information from apps including Gmail, Facebook, Skype, WhatsApp, Calendar, etc. Organizations whose employees use their phones for both personal and professional communications are susceptible to such attacks.

NSO Group, an organization that claims to specialize in “cyber war,” created Pegasus, a mobile espionage product which uses three previously unknown vulnerabilities in iOS. It takes advantage of what a phone offers: always-on connectivity (Wi-Fi, 3G/4G), voice communications, camera, email, messaging, GPS, passwords, and contact lists.


STAGE 1 Delivery and WebKit vulnerability: The attacker tricks a user into visiting a malicious HTML page / file from his iPhone, which exploits a vulnerability (CVE-2016-4655) in WebKit (used in Safari and other browsers).

STAGE 2 Jailbreak: On successful exploitation of the Safari browser, it downloads an obfuscated and encrypted package. Each time the package is downloaded, it is encrypted with unique keys, making traditional network-based controls ineffective. It contains the code that is needed to exploit the iOS Kernel (CVE-2016-4656 and CVE-2016-4657) and a loader that downloads and decrypts a package for stage 3.

STAGE 3 Espionage software: After the remote jailbreak, the espionage software, daemons, and other processes that are used are downloaded and hook into the applications the attacker wishes to spy on. Additionally, stage 3 detects if the device was previously jailbroken through another method and, if so, removes any access to the device that the jailbreak provides, such as via SSH. The software also contains a failsafe to remove itself if certain conditions are present.

The target’s phone is remotely jailbroken, and all personal information, including call lists, texts, calendar and contacts, is copied and sent to the attacker. It activates the phone’s cameras and microphone to snoop on conversations around the device. The victim’s movements are tracked, and even messages from end-to-end encrypted chat clients are stolen. Competitors and nation-state actors are more interested in credentials, communications, and business apps such as Gmail, Skype, WhatsApp, Calendar and others that may contain confidential technical, financial, or customer information.


In this mobile era, a compromised phone can give an attacker access to more sensitive information than a compromised laptop. Researchers from Lookout and Citizen Lab assisted Apple in fixing the vulnerabilities, and Apple has successfully patched all 3 vulnerabilities in its 9.3.5 update. Hence, all iOS users should update to this version immediately.

More detailed technical analysis is available here.