World's richest person Elon Musk is asking people to switch to a messaging app called Signal over WhatsApp and Facebook due to a change their policy which has raised privacy concerns.
Signal Signal is a secure encrypted messaging app. Think of it as a more private alternative to WhatsApp, Facebook Messenger, Skype, iMessage, and SMS. Here’s why you should seriously consider switching to Signal. Why Signal Is Special. Business Manager is a Facebook tool that helps you organize and manage your business. When you join Business Manager, coworkers can't view your personal Facebook profile unless you approve their friend requests. Coworkers can only see your name, work email address and the Pages and ad accounts you have access to. Apr 13, 2021 The Original - Funny Facebook Statuses, Fails, LOLs and More. A hack of millions of Facebook users’ data has revealed that the company’s CEO Mark Zuckerberg uses the secure messaging app Signal, one of the main competitors of the Facebook-owned WhatsApp. State-of-the-art end-to-end encryption (powered by the open source Signal Protocol) keeps your conversations secure. We can't read your messages or listen to your calls, and no one else can either. Privacy isn’t an optional mode — it’s just the way that Signal works. Every message, every call, every time.
Tesla CEO Musk appealed to people to switch to more encrypted apps than WhatsApp and Facebook and specifically mentioned Signal when asked about a safer alternative by his followers.
Use Signal— Elon Musk (@elonmusk) January 7, 2021×
Musk's tweet comes after Signal and Telegram messaging apps are seeing a sudden increase in demand due larger rival WhatsApp's updated terms of service raised eyebrows on social media.
WhatsApp will share its users' personal information, including phone numbers, IP addresses, contacts, & more with Facebook from Feb. 8, according to the new T&Cs. No opt-out. The only way to object is to leave the service & move to a service like Signal or Telegram. https://t.co/FbGcq5T3JB— Mike Butcher (@mikebutcher) January 6, 2021
Scv Signal Facebook×
WhatsApp, which uses Signal's encryption technology, laid out fresh terms on Wednesday, asking users to agree to let owner Facebook Inc and its subsidiaries collect user data, including their phone number and location.
Some privacy activists questioned the 'accept our data grab or get out' move on Twitter, and suggested users to switch to apps like Signal and Telegram.
Signal's popularity shot up further on Thursday after it was endorsed by Elon Musk, who has one of the most-followed accounts on Twitter and by the micro-blogging site's top boss Jack Dorsey.
More than 100,000 users installed Signal across the app stores of Apple and Google in the last two days, while Telegram picked up nearly 2.2 million downloads, according to data analytics firm Sensor Tower.
New installs of WhatsApp fell 11 per cent in the first seven days of 2021 compared with the prior week, but that still amounted to an estimated 10.5 million downloads globally, Sensor Tower said.
Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users' surroundings without permission before the person on the other end picked up the calls.
The logic bugs were found by Google Project Zero security researcher Natalie Silvanovich in the Signal, Google Duo, Facebook Messenger, JioChat, and Mocha messaging apps and are now all fixed.
However, before being patched, they made it possible to force targeted devices to transmit audio to the attackers' devices without the need of gaining code execution.
'I investigated the signalling state machines of seven video conferencing applications and found five vulnerabilities that could allow a caller device to force a callee device to transmit audio or video data,' Silvanovich explained.
'Theoretically, ensuring callee consent before audio or video transmission should be a fairly simple matter of waiting until the user accepts the call before adding any tracks to the peer connection.
'However, when I looked at real applications they enabled transmission in many different ways. Most of these led to vulnerabilities that allowed calls to be connected without interaction from the callee.'
I found logic bugs that allow audio or video to be transmitted without user consent in five mobile applications including Signal, Duo and Facebook Messenger https://t.co/PlB0PzLzjJ— Natalie Silvanovich (@natashenka) January 19, 2021
As Silvanovich revealed, a Signal bug patched in September 2019 made it possible to connect the audio call by sending the connect message from the caller devices to the callee one instead of the other way around, without user interaction.
The Google Duo bug, a race condition that allowed callees to leak video packets from unanswered calls to the caller, was fixed in December 2020, while the Facebook Messenger flaw (previously covered by BleepingComputer here) which allowed audio calls to connect before the call was answered was addressed in November 2020.
Two similar vulnerabilities were discovered in the JioChat and Mocha messengers in July 2020, bugs that allowed sending JioChat audio (fixed in July 2020) and to send Mocha audio and video (fixed in August 2020) after exploitation, without user consent.
Silvanovich also looked for similar bugs in other video conferencing apps, including Telegram and Viber, but didn't find any such issues.
The Signal Facebook
'The majority of calling state machines I investigated had logic vulnerabilities that allowed audio or video content to be transmitted from the callee to the caller without the callee’s consent,' Silvanovich added.
'It is also concerning to note that I did not look at any group calling features of these applications, and all the vulnerabilities reported were found in peer-to-peer calls. This is an area for future work that could reveal additional problems.'
Two years ago, Silvanovich also found a critical vulnerability in the WhatsApp mobile messaging app that could have been activated simply by a user answering a call to crash or fully compromise the app.