
VULNERABILITIES

Big Brother is watching WhatsApp

Is China the Big Brother that watches over its citizens, shielding them from the harmful content of social networks? The question arose once again after the country decided to block the WhatsApp mobile messaging application within its borders.

To be fair, WhatsApp was blocked twice, first in July this year by crippling its media sharing capability. Then, by the end of September, even simple text messaging between devices was blocked, rendering the instant messaging application useless.

WhatsApp becomes the latest victim of China’s firewall

Since ancient times, Chinese civilization has shown its determination to keep out the undesired elements of society. In the past, it walled itself off from marauding nomadic barbarians with the Great Wall; nowadays it has constructed a great digital firewall for media censorship.

Besides WhatsApp, there is a list of banned social media sites such as Facebook, Instagram, Twitter, YouTube, Google and so on. For every banned application, China has substituted its own government-approved apps such as RenRen, Moments, Weibo, Youku, Baidu and so on. As a WhatsApp replacement, the Chinese response is WeChat, which may act like a super app by combining various components together.

Censorship on sensitive issues

Given the timing of the complete ban on WhatsApp, conspiracy theorists conjecture that the clampdown may be linked to the upcoming 19th National Congress taking place in Beijing, China on 18 Oct 2017. During the meeting, Chinese policymakers will discuss national policy as well as elect new leadership for the country.

In the buildup to that important date, the Chinese authorities might want to prevent any unauthorized mass gathering of the kind seen in the Arab Spring, where social media played a central role in helping organizers form rallies and uprisings.

Perhaps the idea is too far-fetched at the moment, but it is understood that social media is being monitored. Perhaps WhatsApp is banned in China because of its end-to-end encryption, which makes monitoring harder.

Chinese censors have reportedly been active in removing anti-Islam phrases from social media, and websites have since been blocked after massive clean-up efforts across the net.

Failings by WhatsApp

China is not the only country to fall out with the popular messaging application, which has amassed over 1 billion users worldwide. Other countries have had brushes with it too, such as Brazil. In that episode, Brazilian law enforcers asked telecom providers to block the messaging service thrice because it failed to hand over information for investigation.

Last year, WhatsApp also created an uproar in Europe when the messaging app wanted to share contact data with Facebook for the first time. The move disappointed users, as WhatsApp compromised its position on data sharing with other social networks. Later, WhatsApp rolled back its decision and cut down its data sharing with others.

Similarly, WhatsApp had a face-off with lawmakers in the United Arab Emirates (UAE), where swearing over messaging platforms invites a fine of USD60,000 and deportation under a new federal law in cities such as Abu Dhabi and Dubai.

Verdict

To be fair, all governments tend to “look after” their citizens in one form or another. Companies that provide social network services often have to choose whether to comply with ever stricter censorship and regulations in order to operate. Thus, sometimes the response from the authorities may be as straightforward as: either you are in or out. Therefore, choose your side wisely, for you have already been warned.

1 Comment


  1. Jim

    October 5, 2017 at 4:06 am

    Interesting, as it is happening about the same time as WhatsApp is trying to monetize their platforms (https://techcrunch.com/2017/08/30/whatsapp-is-testing-verified-business-accounts/). I think this is direct competition with WeChat kind of apps in China.


BREAKING NEWS

Libssh Security Flaw leaves thousands of servers vulnerable to hijacking


A security flaw in libssh leaves thousands of servers, and potentially more, vulnerable to attack. Libssh is a multiplatform C library that allows users to remotely execute programs, transfer files, manage public keys and use a secure and transparent tunnel.

The security flaw, discovered by Peter Winter-Smith of NCC Group, allows a hacker to bypass the authentication process on a server and gain access to the system without having to enter a password.

An attacker can do this by sending the SSH server an “SSH2_MSG_USERAUTH_SUCCESS” message instead of the “SSH2_MSG_USERAUTH_REQUEST” message that a server usually expects, which libssh treats as the signal that an authentication procedure needs to start.

Libssh treats the SUCCESS message as meaning that authentication has already taken place and allows the attacker access to the server. The flaw (CVE-2018-10933) was introduced in release 0.6.0, which came out in January 2014.
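
The handling described above can be modelled in a few lines of C, with the flawed dispatch next to a role-aware one. This is an added example, not libssh's code: the session struct, the role enum and every function name are hypothetical, and only the two message numbers (from RFC 4252) are real.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Message numbers as assigned in RFC 4252. */
#define SSH2_MSG_USERAUTH_REQUEST 50
#define SSH2_MSG_USERAUTH_SUCCESS 52

/* Hypothetical model types; these are not libssh's structures. */
enum role { ROLE_CLIENT, ROLE_SERVER };
struct session { enum role role; bool authenticated; };

/* Flawed dispatch: one handler table for both roles, so a server runs
 * client-side logic on a message number chosen by the peer. */
static bool dispatch_flawed(struct session *s, uint8_t msg, bool creds_ok)
{
    switch (msg) {
    case SSH2_MSG_USERAUTH_REQUEST:      /* server verifies credentials */
        if (creds_ok) s->authenticated = true;
        return true;
    case SSH2_MSG_USERAUTH_SUCCESS:      /* only meaningful to a client */
        s->authenticated = true;
        return true;
    default:
        return false;
    }
}

/* Hardened dispatch: reject messages the current role must never receive
 * before any handler can touch session state. */
static bool dispatch_hardened(struct session *s, uint8_t msg, bool creds_ok)
{
    bool ok = (msg == SSH2_MSG_USERAUTH_REQUEST && s->role == ROLE_SERVER) ||
              (msg == SSH2_MSG_USERAUTH_SUCCESS && s->role == ROLE_CLIENT);
    return ok ? dispatch_flawed(s, msg, creds_ok) : false;
}

/* Returns the server's authenticated flag after it receives one message. */
bool server_auth_state(bool hardened, uint8_t msg, bool creds_ok)
{
    struct session s = { ROLE_SERVER, false };
    if (hardened) dispatch_hardened(&s, msg, creds_ok);
    else          dispatch_flawed(&s, msg, creds_ok);
    return s.authenticated;
}

int main(void)
{
    printf("flawed:   %d\n", server_auth_state(false, SSH2_MSG_USERAUTH_SUCCESS, false));
    printf("hardened: %d\n", server_auth_state(true, SSH2_MSG_USERAUTH_SUCCESS, false));
    return 0;
}
```

When a dispatcher returns false for a message, a real server would drop the connection rather than continue the session.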

 

It’s estimated that the vulnerability currently affects at least 3000 servers; however, this is based on a small search and the scale of the problem is not yet known. There were concerns that GitHub, the popular version control site where developers work collaboratively on projects, was affected, but it has released a statement denying this. GitHub claims the way it uses libssh means it is not vulnerable to this exploit.

“We use a custom version of libssh; SSH2_MSG_USERAUTH_SUCCESS with the libssh server is not relied upon for pubkey-based auth, which is what we use the library for,” a GitHub security official said on Twitter.

The security flaw is only on the server side, meaning users who have a libssh-based SSH client installed on their computer will be safe from potential attackers looking to exploit this vulnerability.

While there are currently no public exploits available for the vulnerability, they are easy to put together, so they are likely to appear online in the coming days and weeks.

The libssh team released versions 0.8.4 and 0.7.6 yesterday to fix this bug.

HACKING NEWS

Several vulnerabilities found in RouterOS that Affected MikroTik Routers


Tenable researcher Jacob Baines has discovered multiple vulnerabilities in MikroTik routers: four separate security flaws that are open to attack. MikroTik made it into the news in September after it was discovered that routers had been hijacked using a security flaw in RouterOS, and attackers were able to spy on users.

RouterOS, MikroTik’s operating system, was found to have four security flaws: a remote code execution vulnerability (CVE-2018-1156), a file upload memory exhaustion flaw (CVE-2018-1157), recursive JSON parsing stack exhaustion (CVE-2018-1158), and www memory corruption (CVE-2018-1159).

While these are separate vulnerabilities, they all require legitimate user credentials before they can be exploited. These vulnerabilities are particularly dangerous, allowing an attacker to gain full control of the system through remote attacks.

This security vulnerability has been exploited in the past, memorably in the hacking of 7500 routers to intercept users’ traffic and in the cryptojacking campaign in which routers were exploited for cryptocurrency mining.

According to Tenable, the multiple vulnerabilities affected RouterOS versions 6.42.6 and 6.40.8. Tenable contacted MikroTik in May 2018 to inform it about the flaws, after which MikroTik released patches to fix the issue. However, not everyone is vigilant about patching their router when such flaws become known, and Jacob Baines has estimated that around 200,000 routers across the world may still be open to this exploit.

We second Tenable’s statement in encouraging users to update their systems to the latest patch at the earliest possible time to help protect against these security vulnerabilities.

BREAKING NEWS

Chinese Spying Chips Found Hidden on US companies’ servers


Business and markets news company Bloomberg reported today that a very small surveillance chip, similar in size to a grain of rice, has been found hidden in servers used by US companies. These servers are used by nearly 30 American companies, including big names such as Apple and Amazon.

The servers are designed in the US by an American company called Super Micro, whose designs do not include the chip. It is thought the chip must have been added in China during the manufacturing process. The chip is an example of a “hardware hack”, where hardware is modified to perform functions that weren’t intended in the original design. It is suspected that the purpose of the chip is to spy on American companies and their users.

The lengthy Bloomberg report says that Apple and Amazon were among the companies affected, but both companies deny the claim. An Apple spokesperson told Bloomberg that the company had no history of finding malicious chips or hardware manipulations in any of its servers. Apple stopped using Super Micro servers after ending its contract with the company in 2016.

Amazon also disputes the claims that its servers contained malicious chips and says it has not worked with the FBI to investigate malicious hardware within the company. Super Micro joins Apple and Amazon in denying the claims about its servers.

In response to the allegations, China’s Ministry of Foreign Affairs released a statement saying: “China is a resolute defender of cybersecurity. It advocates for the international community to work together on tackling cybersecurity threats through dialogue on the basis of mutual respect, equality and mutual benefit. Supply chain safety in cyberspace is an issue of common concern, and China is also a victim. China, Russia, and other member states of the Shanghai Cooperation Organization proposed an ‘International code of conduct for information security’ to the United Nations as early as 2011. It included a pledge to ensure the supply chain security of information and communications technology products and services, in order to prevent other states from using their advantages in resources and technologies to undermine the interest of other countries. We hope parties make less gratuitous accusations and suspicions but conduct more constructive talk and collaboration so that we can work together in building a peaceful, safe, open, cooperative and orderly cyberspace.”

 
