Jump to content
  • In Android versions of Telegram and WhatsApp found a dangerous vulnerability


    DeZire

    The developers of Telegram and WhatsApp have repeatedly stated about the security of their messengers with encryption. But as it turned out, user privacy depends on other factors: the network has a description of an unusual method of fraud using popular Android-applications.

    Symantec experts have published information about the vulnerability of Media File Jacking for Android versions of these messengers. The attack on users was carried out by means of interception of media files bypassing encryption algorithms. Telegram and WhatsApp store the received images either in the internal storage of the messenger or in the external memory. The latter becomes a source of leakage of user files.

    When hackers gain access to external storage using malware, they are able to edit or replace user files. Using the vulnerability, an attacker can edit the image and replace the number of the Bank card or the sender's account with his own. Experts say that this feature of Android-applications is known for a long time, and users have to choose between privacy and advanced functionality when storing data on external drives.

    In Android versions of Telegram and WhatsApp found a dangerous vulnerability

    Using the same vulnerability, attackers can fake audio messages or spread fake news. According to the source, representatives of WhatsApp have already reported the closure of the vulnerability with the latest version of the messenger. Telegram developers have not commented on the situation.



    User Feedback

    Recommended Comments

    There are no comments to display.



    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Similar Content

    • By Priyanka
      Today WhatsApp messenger turns ten years old. During this time, he managed to gain a billion users, gained worldwide popularity, finished off SMS and sold "Facebook" for insane money. And it was created by one American and three natives of the USSR: Ukrainian Jan Kum and Russians Alex Fishman and Igor Solomennikov.

      The birth of the messenger
      Jan grew up in the Kyiv region, in the family of a housewife and a foreman who led the construction of schools and hospitals. He spent his childhood during the restructuring, and the house did not have electricity or hot water. Those were difficult times, the political situation and anti-Semitic sentiments in the country forced the family to emigrate godfather in the 1990s. He came to the United States with his mother and settled in mountain view — the city's largest technology companies and minds.
      To survive, both went to work — Jan's mother got a job as a nanny, and he as a janitor in the store. In parallel, the godfather finished in school but has quickly earned a reputation as a bully and with peers almost did not communicate. The free time he spent in libraries, which lent books on the functioning of computer systems. Kum began programming at the age of 19 and soon got into the group of hackers w00w00.

      Jan Kum (far right) at DefCon hacker conference, 1999
      After high school, Ian went to the University of San Jose and got a job in the Department of information security Ernst & Young. In 1997, he met Brian Acton, a Yahoo employee. He offered Jan to analyze the advertising platform on the resource. Kum took over and managed. Six months later, he was enlisted in the state — of course, not without the protection of Acton. Soon before the Ukrainian got the first serious choice: to quit school for a career or try to combine? In those days, Yahoo servers sagged under load and required an intelligent engineer. So the answer was obvious-work is more important than the diploma.
      Soon in the hands of Jan got iPhone. He realized that the smartphone has great potential. In those years, the godfather was fond of Boxing, and the owners of the hall forbade the use of mobile phones. The future startup was annoyed that he missed important calls. Then the godfather thought: and not to create an application that shows its status? Let's say "busy," "free," or "in training." So people wouldn't call in vain. The name was born by itself: WhatsApp — "what's going on?".
      At that time, Ian often talked with the former Russian Alex Fishman — he arranged an evening of "pizza and cinema" for the local Russian community. At these parties, coom, and Fishman often discussed the idea of a new application. Once Alex brought Jan to the developer of mobile programs-Russian Igor Solomennikov. He had to help in programming-Ukrainian lacked skills in this matter.

      Alex Fischer and Jan Koum at Startup Grind Europe
      On February 24, 2009, Yang Kum established WhatsApp Inc in California. a month later, the first version of the app appeared in the App Store. However, it downloaded only hundreds of friends, which is Kum get-togethers with pizza excitedly talked about "up again I". The number of users did not grow — the startup thought that in vain hoped for himself, and already began to give up. Sharing his disappointment with Acton, he was about to look for work again, as He had given friendly advice — to wait for a little.
      On top
      When users change statuses, the program has sent a push notification to contacts from the phonebook. Americans liked the feature: they finally began to use the app to show updated statuses to each other. In a few months, WhatsApp was installed on 250,000 phones.
      At this point, Koum realized he'd inadvertently created a mobile messenger. In 2009, few people knew about this method of communication. Brian Acton also saw the incredible potential in WhatsApp and realized-you can make a full alternative to SMS and MMS.

      Brian Acton, WhatsApp co-founder
      Taking advantage of the situation, Koum released WhatsApp 2.0 with a messaging functionality. The user base grew, the guys came investors. The Duo rejected tempting offers: wanted to see the application without advertising and was afraid to make money — not to dance to someone else's tune. However, Jim Goetz of the Sequoia Capital venture Fund persuaded Kum and Acton to take eight million dollars, promising not to interfere in the management policy of the startup. It was in April 2011.
      Lifting the old ties with Yahoo, the partners found the "office" — a couple of rooms in a converted warehouse in San Jose, and they did not settle the Evernote service, ate the rest of the meters. Michael Donahue, one of the first developers of WhatsApp for BlackBerry, recalled how he explained the way: "Find the Evernote building. Go around it. Behind you will see a door without a sign. Knock."
      No profit. After all, Kum and Acton openly expressed dislike for advertising-apparently, the experience of working in Yahoo. In an interview with Fast Company, a native of Kyiv said he sees smartphones as" very personal devices " that are inappropriate to use as a banner provider. He explained, "When you get a message from a loved one, family member, or best friend, you want to respond right away without being distracted by ads." Instead of" easy money", the founders focused on WhatsApp itself. Jim Goetz motivated it this way:
      The first few years the founders worked for free-there was no income. As well as special expenses: basically the budget went to sending SMS with a confirmation code at registration. Services like Click-a-Tell asked for two cents for sending one message in the United States, and the Middle East has already cost 64 cents.

      By the beginning of 2010, the startup learned to earn, but the amounts were modest — five thousand dollars a month. Ian and Brian took their time experimenting with monetization. We wanted to understand how the audience is interested in a particular function of the application.
      How conquered the world
      We remind you that WhatsApp was not originally intended for messaging, but that's what people wanted. Based on 2G and 3G technologies, the messenger allowed users to bypass the "fences" piled up by mobile operators. Among foreign communication providers, it was a good form to raise the cost of SMS during peak hours or to set draconian limits. For example, in Singapore, some customers were prohibited from sending more than 100 messages per month, and the government of India set a threshold of 10 text messages per day during the holidays.
      WhatsApp abolished these barriers and suggested that, on average tariffs. And screwed a bunch of cool services: from group chat to sharing tracks and videos. Besides, it was easy to use the program. It is now all used to that for registration in the service is enough phone number. Previously, passwords, email, and personal data were required.

      Therefore, the brainchild of the godfather and Acton's ousted from BlackBerry BBM and Apple's iMessage — these alternative SMS Purcell only on native systems. Startups at an early stage realized that you can not miss a huge database of smartphones connected to the Internet. They immediately developed WhatsApp so that It functions on different platforms and phones — even the oldest.
      The rapid growth of WhatsApp has attracted the attention of Facebook. In February 2014, the company was purchased for an insane $19 billion to gain access to 500 million users. Soon there were more than a billion customers. Analysts then wondered: what made Zuckerberg pay so much money for an ordinary messenger? In the end, we realized it was a"move forward". Firstly, WhatsApp will not become a competitor to Facebook, and secondly, it will not outbid Google. Mark said that "the purchase of the century":
      Startupers widely celebrated the deal with Zuckerberg. That day Igor Solomennikov — the one who met Jan at the Russian party-posted on Instagram a photo with two boxes of expensive champagne. A few days later, the team of WhatsApp has exploded in Barcelona at MWC, where the godfather celebrated the merger of their 38 anniversary.
    • By DeZire
      Despite Google’s constant attempts to make the Android operating system as secure as possible, hackers do not waste time in vain and find more and more breaches in its security. Another vulnerability is related to the Bluetooth interface and can lead to serious consequences for the owner of a hacked smartphone.

      Vulnerability BlueFag allows hackers in the "silent" mode to transfer malware to smartphones running Android 8 Oreo and Android 9 Pie. In this case, the owner of the device will not receive any warning that any files have been sent to the gadget.
      It is enough for an attacker to find out the MAC address of the Bluetooth module of the device, which is often easy to calculate by the MAC address on a Wi-Fi network since smartphone manufacturers usually use a single module for both protocols.
      ERNW specialists specializing in computer security noted that the BlueFag vulnerability does not work on smartphones running Android 10. As for the versions of the green robot released before Android 8, it is possible that they are also subject to hacking.
      Google has not yet responded to this vulnerability, and ERNW experts only recommend updating the smartphone to Android 10, or, if the gadget is guaranteed to not get an update, change it to a new one.
    • By DeZire
      The organization for standardization of Bluetooth technology reported a vulnerability found in the encryption Protocol of the popular standard. Using a "hole" in the encryption standard, an attacker can gain access to information on the device and intercept the traffic that the gadgets exchange with each other.

      When the key is matched at the time of pairing, the devices exchange the alphanumeric combination to establish the connection. It is at this point that the hacker can intercept the key and make it short, which will allow the attack by brute force. Having gained access to the established connection, the attacker is able to fully control the traffic transmitted between the devices.
      To carry out such an attack, several conditions must be met: the attacker must be within the range of the established connection, and both attacked gadgets must use Bluetooth BR/EDR, and the vulnerability will affect each of the devices.
      After detecting a defect in the standard, the researchers checked 16 models of popular wireless controllers — all of them were exposed to this type of hacking. This is due to the fact that the Bluetooth specification does not require a minimum key length. Major manufacturers have already released vulnerability-fixing updates. Consumers can only install the appropriate patches on vulnerable devices with Bluetooth.
    • By DeZire
      Smartphones and laptops have long been perceived by users as harmless devices for content consumption, work, and entertainment. But a recently published study indicates that these gadgets can be used by attackers not only as objects of hacking but also as a dangerous weapon.

      Specialist in the field of cybersecurity Matt Wixey published the results of a study he found the vulnerability of a number of electronic devices. Weak points of smartphones, laptops, Bluetooth-speakers, wireless headphones, and Handsfree systems, the researcher called the possibility of hackers to access the settings of gadgets.
      By gaining appropriate access, an attacker can implement an algorithm to continuously play deafening or disorienting sounds at high or low frequencies, thereby harming human health.
      For the implementation of the attack is sufficient to have a Wi-Fi or Bluetooth connection. Wixey tested his hypothesis in practice by hacking several devices through a scanner program and forcing them to play sounds-stimuli through the built-in speakers. In one of these experiments, the forced reproduction of such sounds led to the failure of the gadget. The expert noted that the testing was carried out in a soundproof room, and no one was involved in the series of experiments.
    • By DeZire
      Today WhatsApp has an audience of about 1.5 billion people around the world. Despite such an extensive user base, the developers still have not eliminated the vulnerability that allows you to intercept messages in personal and group correspondence.

      At the Black Hat 2019 conference in Las Vegas, several options were demonstrated for exploiting the vulnerability with which hackers can:
      Correct messages by modifying them so that the recipient does not suspect that the author of the text was not the sender. Manage the citation function by referring to non-existent messages. Create the appearance that the message is sent to a single recipient, while it can get the whole community or a group of users. About all these flaws programmers told WhatsApp developers in August last year. To date, only the last "hole" with group mailing has been eliminated, while the use of two other options for message manipulation is still relevant.
      In addition, using the web version of WhatsApp, hackers are able to decrypt any correspondence. The interception of the access keys occurs at the time of creating the QR code. While the user starts the camera from the menu of the mobile client, the hacker intercepts a pair of encryption keys and after a successful connection gets access to the correspondence in unencrypted form. With such an access interception, it becomes possible to use the vulnerabilities mentioned above.
      Facebook, which owns WhatsApp, previously commented that to fix such vulnerabilities can not "due to infrastructure restrictions" and the need to compromise between privacy and security. A solution may be a full desktop client, which is currently being worked on by the developers of the messenger.
  • Blogs

  • Categories

  • Gadgets


  • Reviews

    • OPPO Reno 3 review: Quad camera and lots of memory

      Last year's OPPO Reno 2 smartphone was remembered for its almost flagship characteristics. In the new generation, the emphasis has shifted - the role of the top-end device has been assigned to the Reno 3 Pro, and the standard “three” has become a mid-budget phone. However, Reno 3 received a powerful quad camera, high-quality screen, and a large amount of memory. We find out how good the new product is.

      Four rear modules and a 44-megapixel front-facing camera
      The main camera of Reno 3 received four modules, as in the top-end device of the series - Reno 3 Pro. However, there are some functions missing, such as interpolation up to 108 MP. All the blocks are arranged in a line on an islet that protrudes noticeably upwards if you wear the gadget without a cover.
      The main module has a 1/2-inch sensor with a resolution of 48 MP and a lens with an aperture of f/1.8. As usual, in standard mode, it produces 12-megapixel images, and if desired, you can take photos in full resolution - 48 MP. Telephoto is based on a 13-megapixel sensor and a lens with an f/2.4 aperture. The ultra-wide Angle is equipped with an 8-megapixel sensor and a lens with an f/2.2 aperture. Finally, the 2 MP sensor is designed to assess the depth of the scene.

      Telephoto, in addition to 2x optical zoom, provides a 5x hybrid zoom. The photo app allows you to quickly switch between four shooting modes: ultra-wide angle, 1x, 2x, and 5x.
      All modules can function together with HDR. This option works perfectly in Auto mode, improving both the light and dark tones of contrasting scenes. Artificial intelligence confidently recognizes the scenes being shot and selects settings.
      However, in non-standard lighting conditions, if you choose wide-angle optics, the color rendering will not always be accurate. This does not happen with the main module and the telephoto lens.

      The main module paired with the auxiliary module gives clear portraits and realistic blurs the background
      Reno 3 shoots well in mixed and artificial lighting, as well as in the absence of light in the dark. In the most problematic cases, the Night program helps out. It combines several shots and works out all the tones of contrasting scenes. For shooting with manual settings, an Expert preset is provided.
      Multi-megapixel selfies
      The front camera is built into the display and is located in the middle of its upper edge, in the "drop". The camera is equipped with a 44-megapixel sensor and a wide-angle f/2.4 aperture lens. The default settings are set to a 40-megapixel resolution of images. And the full one is selected by pressing a separate on-screen button. The image quality in both cases is approximately the same. Sharpness appears only from a distance of about 30 cm, that is, for example, it is impossible to obtain a macro photograph of your eye. It seems that the calculation was made for shooting with outstretched hands or a selfie stick. For self-portraits, there are traditionally many beauty options: smoothing the skin, correcting the shape of the face and nose, eye size, and so on.

      Selfies in 44MP mode
      The smartphone records 4K videos at 30 fps. The supported format is Full HD with 30 and 60 fps, as well as slow-motion clips in HD and Full HD. During movie shooting, you can freely switch the zoom.
      In 4K mode at 30 frames per second, the gadget produces a picture with the correct color reproduction and high definition. But when working with hands, stabilization is noticeably lacking.
      Shooting in Full HD at 60 fps uses Ultra Steady Video 2.0 stabilization, which makes the picture smoother.
      Work and entertainment without lags
      Reno 3 is built on an eight-core MediaTek Helio P90 chipset. The new product in AnTuTu gives out figures comparable to the results of Kirin 970 and Snapdragon 712, and slightly ahead of Snapdragon 710. And in the Geekbench 5 rating - is on par with Snapdragon 845. This speed is sufficient to avoid slowdowns in any applications.
      8 GB of RAM allows you to run multiple programs simultaneously. The built-in fingerprint sensor acts quickly and accurately. There are no performance problems in games. In the popular WoT: Blitz with default graphics settings, the frame rate is confidently kept at 60 fps.

      The device has only one main speaker, which produces clear sound without distortion up to about 90% of the volume. Plus, there is support for Dolby Atmos. In this software add-on, you can add surround sound and a bit of bass - a great option for multimedia applications.
      Unfortunately, you will not be able to create a full stereo pair, because the speaker is quieter than the main one. But in Reno3 Pro two speakers shake as if you are holding a good Bluetooth speaker in your hands. Complete in-ear headphones deliver high-quality sound. Thanks to the audio jack, you can connect your favorite accessory.

      The built-in storage is not too large: 128 GB. But it is easy to increase it by using a microSD memory card. It is placed in a triple slot next to two nano-SIM cards. We had a 512 GB test card at hand - it worked without problems.
      High autonomy
      The gadget is powered by a 4025 mAh battery and supports VOOC 3.0 fast charging technology. A 20 W adapter and a complete cable during the test provided recharging at high speed. For example, from 33 to 78%, the battery was charged in 13 minutes, and up to 100% in 27.
      An hour-long shootout in WoT: Blitz (display brightness - 50%) consumes 11 percent of the battery. That is, without going to the outlet, it is about 9 hours of offline gaming. In Flight-mode, with the same brightness, about 4.4% of the battery charge is spent per hour playing the video in Full HD. Therefore, you should expect 22 hours of offline video viewing. Excellent results!

      If long-term autonomy is not so important, you can disable power consumption optimization in the settings and select "High performance". In this case, the device will work a little faster, and the battery consumption will be stronger.
      Great screen
      Reno 3 is equipped with an AMOLED panel with a diagonal of 6.4 inches, a resolution of FHD+ (2400x1080 pixels), and an aspect ratio of 20:9. The display occupies 90.8% of the front panel area, has a teardrop-shaped cutout for the front and thin frames. The image is clear, with rich but natural colors. The viewing angles are large, and the brightness reserve is sufficient for using the phone on the street in any weather. With minimal screen light, it is comfortable to read in a dark room. And at night, you can switch to "Dark mode" - in fact, this is an inverse version of the design: with a black display and a white font. Many people will find it even more convenient, and it also saves battery life.
      Branded shell of the seventh version
      Reno 3 is running a proprietary ColorOS 7 shell based on Android 10. When comparing with the previous version, you can see that the font has not changed, but many icons have been redrawn. However, their shape and size can be easily changed at your own discretion. The screen can be converted to a split format - just make a three-finger swipe up.
      Specifications of OPPO Reno 3
      DISPLAY: 6.4 ", FHD + (2400x1080), 20: 9
      CHIPSET: CPU MediaTek Helio P90 (MT6779V), 2.2 GHz, GPU PowerVR GM 9446
      RAM: 8 GB
      STORAGE: 128 GB
      MAIN CAMERA: main - 48 megapixels (f/1.8) + 13 megapixels (telephoto) + 8 megapixels (wide-angle) + 2 megapixels (scene depth sensor);
      FRONT CAMERA: - 44 megapixels with f/2.4 aperture
      BATTERY: 4025 mAh
      FEATURES: a sub-screen fingerprint sensor, an NFC module, an audio output, support for microSD cards up to 256 GB (without SIM replacement), a proprietary shell ColorOS 7, three body colors: black, white and blue.
      Test results
      ANTUTU: 223,438
      GEEKBENCH: 5 428 single-core, 1568 multi-core
      AUTONOMY: about 22 hours of video playback

      Summary
      The OPPO Reno 3 is an interesting device with balanced characteristics. From the first minutes, the beautiful design, slim body, and high-quality 6.4-inch screen make you happy. Later on - high performance, fast recharging, and good battery life. The advantages include the photo-filling, including a 44-megapixel front camera. In addition, the built-in drive can be expanded with a memory card, but not to the detriment of the second SIM card - a trifle, but nice.

About Us

Worlds Tech News. CheapDeveloper provides the latest technology news, phone launch details, smartphone reviews, comparisons, laptops, cameras, Computer Hardware, Software, apps and more. You can trust our in-depth technology reviews to help you buy the best product for your needs.

×
×
  • Create New...