Psst, WhatsApp is listening || Industrial IoT's cloud security moment
CyberInsights #94 - WhatsApp's privacy concerns | Industrial IoT cloud bugs leading to RCE
WhatsApps’s Midnight Microphone Usage
It might be an Android bug, but it does Meta’s reputation no good.
Twitter was abuzz about WhatsApp turning the microphone on your phone on. The tweet was shared by an engineer at Twitter. Then, Elon Musk tweeted about it. Then the whole world was talking about it.
Meta (WhatsApp’s owners) then shared a clarification blaming it squarely on a bug on Android. They even said that Google acknowledged the bug, but you never know…
Any organisation with a revenue model of selling you advertisements will want to suck up all data that it can about you. Does it, sometimes, cross a line?
Take Action:
Let’s believe Meta this time — If you are using a Google Pixel phone, especially the Pixel 7 pro, then look for updates where this bug gets fixed. Release an advisory to your organisation once you have more updates.
RCE bugs leads to thousands of vulnerable IoT devices
The bug is in IIoT devices connected to the cloud. Talk about bridging the IT - OT divide…🙄
A bug pertaining to the connection of Industrial Internet of Things (IIoT) devices to cloud management setup has been identified. Three IIoT routers are affected:
Sierra Wireless AirLink
Teltonika Networks RUT
InHand Networks InRouter
The bug is huge because it not only affects devices that are registered with a provider on the cloud, but also unregistered devices. Exploitation of these vulnerabilities would impact operational processes.
Take Action:
If you are using any of the above routers, please consider the mitigations suggested by them. In addition follow the basics - disable cloud services if not used and register devices under their own accounts in the cloud platforms.