WhatsApp vulnerability allows quoted messages to be edited

Get WIRED’s daily briefing in your inbox. Sign up here

Security firm Check Point Research has published details of WhatsApp security vulnerabilities that allow group messaging conversations to be manipulated, including by editing quoted messages and disguising a private message as a group message (Forbes).

Although the fake private message vulnerability has been fixed by the Facebook-owned messaging firm, Check Point demonstrated that, using a custom tool, quoted messages to groups could be edited to put words in people’s mouths or change the displayed identity of the person who sent it. The company first reported the vulnerability in August 2018, but any attempt to fix the quote spoofing issue could require message logging of the kind of would break WhatsApp’s end-to-end encryption.

Like almost every other AI-based service provider, Microsoft is sending voice recordings independent contractors for transcription, annotation and translation to improve its machine learning features (Vice).

The biggest concern is fragments of personal Skype calls, which many users might presume to be private, which are sent to human translators to help improve Skype’s real-time AI voice translation service. Windows Cortana interactions are also sometimes analysed by humans and although Microsoft says this is all covered by its end user agreements, the wording is less than explicit.

US advertising startup – and official Facebook marketing partner – Hyp3r has been banned from Facebook’s Instagram social network for exploiting security vulnerabilities to scrape user data (Gizmodo).

Hyp3r’s activities came to light as the result of a Business Insider investigation and the company’s access to the social network was removed and a public location sharing vulnerability closed as a result of the investigation. However, Hyp3r has always been open about its activities and denies violating any Instagram policies.

On July 29, without any fanfare at all, Juul quietly released a new vape pen that may well determine the future of the world’s most valuable e-cigarette firm (WIRED). The Juul C1 is the company’s first Bluetooth-connected e-cigarette. Through the accompanying app, which requires submission of a government ID, Juul users can track how much they’re vaping, lock the e-cigarette so no one else can use it, and keep tabs on the device if it goes missing.

Console makers Microsoft, Sony and Nintendo will require all publishers on their platforms to publish drop rates for randomised loot boxes (Eurogamer). The news came in a US Entertainment Software Association announcement and is a clear response to worldwide government concerns and restrictions over loot boxes as a form of or gateway to gambling with particular appeal to children and young people.

Listen now, subscribe via RSS or add to iTunes.

10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Leave a Reply

Your email address will not be published. Required fields are marked *