The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: encrypted messaging apps

Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests

Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests

June 13, 2019Mohit Kumar
Telegram, one of the most popular encrypted messaging app, briefly went offline yesterday for hundreds of thousands of users worldwide after a powerful distributed denial-of-service (DDoS) attack hit its servers. Telegram founder Pavel Durov later revealed that the attack was mainly coming from the IP addresses located in China, suggesting the Chinese government could be behind it to sabotage Hong Kong protesters. Since last week, millions of people in Hong Kong are fighting their political leaders over the proposed amendments to an extradition law that would allow a person arrested in Hong Kong to face trial elsewhere, including in mainland China. Many people see it as a fundamental threat to the territory's civic freedoms and the rule of law. Many people in Hong Kong are currently using Telegram's encrypted messaging service to communicate without being spied on, organize the protest, and alert each other about activities on the ground. According to Telegram, th
Encrypted Messaging Project "Matrix" Suffers Extensive Cyber Attack

Encrypted Messaging Project "Matrix" Suffers Extensive Cyber Attack

April 12, 2019Mohit Kumar
Matrix—the organization behind an open source project that offers a protocol for secure and decentralized real-time communication—has suffered a massive cyber attack after unknown attackers gained access to the servers hosting its official website and data. Hackers defaced Matrix's website, and also stole unencrypted private messages, password hashes, access tokens, as well as GPG keys the project maintainers used for signing packages. The cyber attack eventually forced the organization to shut down its entire production infrastructure for several hours and log all users out of Matrix.org. So, if you have an account with Matrix.org service and do not have backups of your encryption keys or were not using server-side encryption key backup, unfortunately, you will not be able to read your entire encrypted conversation history. Matrix is an open source end-to-end encrypted messaging protocol that allows anyone to self-host a messaging service on their own servers, powering
Hackers Reveal How Code Injection Attack Works in Signal Messaging App

Hackers Reveal How Code Injection Attack Works in Signal Messaging App

May 14, 2018Swati Khandelwal
After the revelation of the eFail attack details, it's time to reveal how the recently reported code injection vulnerability in the popular end-to-end encrypted Signal messaging app works. As we reported last weekend, Signal has patched its messaging app for Windows and Linux that suffered a code injection vulnerability discovered and reported by a team of white-hat hackers from Argentina. The vulnerability could have been exploited by remote attackers to inject a malicious payload inside the Signal desktop app running on the recipients' system just by sending them a specially crafted link—without requiring any user interaction. According to a blog post published today, the vulnerability was accidentally discovered while researchers–Iván Ariel Barrera Oro, Alfredo Ortega and Juliano Rizzo–were chatting on Signal messenger and one of them shared a link of a vulnerable site with an XSS payload in its URL. However, the XSS payload unexpectedly got executed on the Sig
WhatsApp Flaw Could Allow 'Potential Attackers' to Spy On Encrypted Group Chats

WhatsApp Flaw Could Allow 'Potential Attackers' to Spy On Encrypted Group Chats

January 10, 2018Swati Khandelwal
A more dramatic revelation of 2018—an outsider can secretly eavesdrop on your private end-to-end encrypted group chats on WhatsApp and Signal messaging apps. Considering protection against three types of attackers—malicious user, network attacker, and malicious server—an end-to-end encryption protocol plays a vital role in securing instant messaging services. The primary purpose of having end-to-end encryption is to stop trusting the intermediate servers in such a way that no one, not even the company or the server that transmits the data, can decrypt your messages or abuse its centralized position to manipulate the service. In order words—assuming the worst-case scenario—a corrupt company employee should not be able to eavesdrop on the end-to-end encrypted communication by any mean. However, so far even the popular end-to-end encrypted messaging services, like WhatsApp, Threema and Signal, have not entirely achieved zero-knowledge system. Researchers from Ruhr-Universität
Russia Threatens to Ban Telegram Messaging App, Says It Was Used By Terrorists

Russia Threatens to Ban Telegram Messaging App, Says It Was Used By Terrorists

June 26, 2017Mohit Kumar
Russia has threatened to ban Telegram end-to-end encrypted messaging app, after Pavel Durov, its founder, refused to sign up to the country's new data protection laws. Russian intelligence service, the FSB, said on Monday that the terrorists that killed 15 people in Saint Petersburg in April had used the Telegram encrypted messaging service to plot their attacks. According to the new Russian Data Protection Laws, as of January 1, all foreign tech companies have been required to store the past six months' of the personal data of its citizens and encryption keys within the country; which the company has to share with the authorities on demand. "There is one demand, and it is simple: to fill in a form with information on the company that controls Telegram," Alexander Zharov said, head of communications regulator Roskomnadzor (state communications watchdog). "And to officially send it to Roskomnadzor to include this data in the registry of organizers of d
UK Demands Encryption Backdoor As London Terrorist Used WhatsApp Before the Attack

UK Demands Encryption Backdoor As London Terrorist Used WhatsApp Before the Attack

March 27, 2017Mohit Kumar
The government has once again started asking for backdoor in encrypted services, arguing that it can not give enough security to its citizens because the terrorists are using encrypted apps to communicate and plot an attack. Following last week's terrorist attack in London, the UK government is accusing technology firms to give terrorists "a place to hide," saying Intelligence agencies must have access to encrypted messaging applications such as WhatsApp to prevent such attacks. According to authorities , the killer, Khalid Masood, 52, was active on WhatsApp messaging app just two minutes before he attacked Britain's Houses of Parliament in Westminster that killed four people. Here's what Amber Rudd, Britain's Home Secretary said while speaking at BBC's Andrew Marr Show on Sunday: "We need to make sure that organizations like WhatsApp, and there are plenty of others like that, don't provide a secret place for terrorists to communicate
Secure Messaging App 'Confide' Used by White House Staffers Found Vulnerable

Secure Messaging App 'Confide' Used by White House Staffers Found Vulnerable

March 09, 2017Mohit Kumar
The secure messaging app used by staffers in the White House and on Capitol Hill is not as secure as the company claims. Confide, the secure messaging app reportedly employed by President Donald Trump's aides to speak to each other in secret, promises "military-grade end-to-end encryption" to its users and claims that nobody can intercept and read chats that disappear after they are read. However, two separate research have raised a red flag about the claims made by the company. Security researchers at Seattle-based IOActive discovered multiple critical vulnerabilities in Confide after a recent audit of the version 1.4.2 of the app for Windows, Mac OS X, and Android. Confide Flaws Allow Altering of Secret Messages The critical flaws allowed attackers to: Impersonate friendly contacts by hijacking an account session or guessing a password, as the app failed to prevent brute-force attacks on account passwords. Spy on contact details of Confide users, incl
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.