EncryptoTel weekly digest (19.05.19)
Vulnerability in WhatsApp, Durov’s letter, and Facebook’s bad reputation.
WhatsApp discovered a serious vulnerability
The bug allowed the caller to install spyware on the recipient’s smartphone. Particularly alarming was the fact that the installation was possible regardless of whether the user answered the call or not. The spyware was developed by the Israeli company NSO Group, whose products include the Pegasus program, which can turn on the camera and microphone on another person’s smartphone, as well as access messages and location data. The company has promised to investigate and find out who could have taken advantage of its product. Most of its clients are government agencies from around the world.
On May 13, WhatsApp updated the application and removed this bug. The number of people who could have been affected by the vulnerability is not specified. The company believes that only a “small” number of WhatsApp users were targeted by the attack.
Telegram's creator, Pavel Durov, took note of WhatsApp’s vulnerability. He published an article harshly criticizing the competing messenger, entitled “Why WhatsApp will never be safe.” He noted that, unlike Telegram's, WhatsApp's source code is inaccessible for study by security specialists, and loopholes can be left intentionally, on the orders of the FBI, because WhatsApp is owned by Facebook.
“It’s not surprising that dictators favour WhatsApp. Its insecurity allows them to spy on their own people, so WhatsApp continues to be freely available in places like Russia or Iran where Telegram is prohibited.”
US may lift trade ban with Huawei to fulfill existing contracts
The US Department of Commerce, which actually initiated a ban on the purchase of American components by the Chinese giant Huawei, is considering a temporary permit that “will prevent the interruption of existing operations and equipment in the network,” the spokesman said. Thus, US authorities may allow Huawei to purchase components so that Huawei’s end customers do not face equipment shortages, but the ban on purchasing American components to make new products will remain in force.
Potential beneficiaries of this permission may be mobile operators and Internet access service providers in densely populated US states like Wyoming and Oregon, who purchased network equipment from Huawei in recent years.
Earlier, the US Department of Commerce decided to blacklist the Chinese telecommunications equipment manufacturer Huawei for “activities contrary to US national security.”
Together with Huawei, another 70 related companies will be blacklisted. US manufacturers who sell Huawei any equipment will need a special license from the US authorities.
Facebook is experiencing staff problems due to its reputation
Scandals involving user data leaks hit Facebook where few people expected them. The social network is facing a shortage of highly professional programmers, who are in no hurry to work for a company that has earned a reputation as not the best employer. According to CNBC, the percentage of candidates for software development jobs at Facebook fell from about 90% at the end of 2016 to almost 50% at the beginning of 2019. The fall in Facebook's popularity as an employer is noticeable among graduates of leading American universities, including Stanford, Carnegie Mellon University and the Ivy League. While in 2017–2018 the percentage of students hired by the company was 85%, after the scandals it fell to 35–55%.
As recruiters who previously worked with Facebook told CNBC, potential candidates do not stop at a simple refusal: they explain their reluctance to work at Facebook by pointing to privacy and confidentiality problems on the social network.
How Facebook is going to make up for its lost reputation is not yet clear. For Facebook’s crypto project, privacy and security issues can play an important role. While the social network deals with organizational issues, it became known that on May 2, Facebook registered a fintech company called Libra Networks in Switzerland. Earlier, it was reported that the social network would launch its own stablecoin and payment network blockchain under the Libra brand in the third quarter of 2019.
EncryptoTel: interface and server optimization
Last week our team was dedicated to solving a number of diverse tasks. Some of them have already been completed, and some remain in development:
- elimination of bugs preventing the registration of new users,
- development of the Control Panel design for different categories of users and depending on their balance,
- optimization of the technical support service,