Cybersecurity

8813 readers

59 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

WhatsApp, Signal, untraceable security risk (www.techradar.com)

submitted 1 day ago by Spot@startrek.website to c/cybersecurity@sh.itjust.works

23 comments fedilink hide all child comments

Three billion WhatsApp users are at risk - an expert has developed a tool that could spy on everyone, and you would never know about it

you are viewing a single comment's thread
view the rest of the comments

[–] Nomad@infosec.pub 38 points 1 day ago (7 children)

Security expert here.... This issa nothing Burger and will be fixed on the server side soon I expect. This is about spreading fear uncertainty and doubt. The research is academic in nature and the results are interesting, but this is only a side channel to reveal things like maybe you rough timezone and maybe a few correlations via connectivity quality. This is what they do if they need to confirm if a person uses the same phone number for example. And the could just look it up in the registry or maybe just call you...

This is not a widespread privacy concern, is not very practical to use, especially at scale and is early fixable. Its comparable to the traffic pattern analysis they do to confirm tor users identity if they found them but need supporting evidence. Its what's left when the technology works as intended. So chill your paranoia.

[–] hoshikarakitaridia@lemmy.world 12 points 1 day ago (2 children)

IT hobbyist here. This guy knows his stuff. Dangerous attacks are the ones that are very low effort with medium to high reward. This attack is high effort and low reward. This is one of these trivia things, that you will virtually never see in the wild.

[–] Tinidril@midwest.social 3 points 1 day ago

High effort is not a great thing to count on. Once these things are discovered there are all sorts of clever (or not so clever) ways to automate the effort away. Especially now with AI.

load more comments (1 replies)

load more comments (5 replies)