WhatsApp’s new security label will let you know if future third-party chats are safe

WhatsApp is currently testing a new in-app label letting you know whether or not a chat room has end-to-end encryption (E2EE).

WABetaInfo discovered the caption in the latest Android beta. According to the publication, it’ll appear underneath the contact and group name but only if the conversation is encrypted by the company’s “Signal Protocol” (Not to be confused with the Signal messaging app; the two are different.) The line is meant to serve as a “visual confirmation” informing everyone that outside forces cannot read what they’re talking about or listen to phone calls. WABetaInfo adds that the text will disappear after a few seconds, allowing the Last Seen indicator to take its place. At this moment, it’s unknown if the two lines will change back and forth or if Last Seen will permanently take the E2EE label’s place.

This may not seem like a big deal since it’s just four words with a lock icon. However, this small change is important because it indicates Meta is willing to embrace third-party interoperability.

See more

Third-party compatibility

On March 6, the tech giant published a report on its Engineering at Meta blog detailing how interoperability will work in Europe. The EU passed the Digital Markets Act in 2022 which, among other things, implemented new rules forcing major messaging platforms to let users communicate with third-party services. 

Meta’s post gets into the weeds explaining how interoperability will work. The main takeaway is the company wants partners to use their Signal Protocol. The standard serves as the basis for E2EE on WhatsApp and Messenger, so they want everyone to be on the same playing field.

Other services don’t have to use Signal. They can use their compatible protocols, although they must demonstrate they offer “the same security guarantees”. 

The wording here is pretty cut and dry: if a service doesn’t have the same level of protection, then WhatsApp won’t communicate with it. However, the beta suggests Meta is willing to be flexible. They may not completely shut out non-Signal-compliant platforms. At the very least, the company will inform its users that certain chat rooms may not be as well protected as the ones with E2EE enabled.

Interested Android owners can install the update from the Google Play Beta Program although there is a chance you may not receive the feature. WABetaInfo states it’s only available to a handful of testers. No word if WhatsApp on iOS will see the same patch.

While we have you, be sure to join TechRadar's official WhatsApp channel to get all the latest reviews on your phone.

You might also like

TechRadar – All the latest technology news

Read More

Another big reason to install iOS 17.4 right now – it fixes two major security threats

Apple has just launched iOS 17.4, and right now everyone’s attention is focused on how it lets you run third-party app stores on your iPhone – although only if you're in the European Union. But there’s another important reason you should upgrade: it fixes two extremely serious security flaws.

In a new security post (via BleepingComputer), Apple says that iOS 17.4 and iPadOS 17.4 resolve two zero-day bugs in the iOS kernel and Apple’s RTKit that might allow an attacker to bypass your device’s kernel memory protections. That could potentially give malicious actors very high-level access to your device, so it’s imperative that you patch your iPhone as soon as possible by opening the Settings app, going to General > Software Update and following the on-screen instructions.

These issues are not just hypothetical; Apple says it is “aware of a report that this issue may have been exploited” in both cases, and if a zero-day flaw has been actively exploited it means hackers have been able to take advantage of these issues without anyone knowing. With that in mind, there’s every reason to update your device now that Apple has issued a set of fixes.

Apple says the bugs affect a wide range of devices: the iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later. In other words, a lot of people are potentially impacted.

Actively exploited

holding an iphone

(Image credit: Shutterstock)

Zero-day flaws like these are usually exploited in targeted attacks, often by sophisticated state-sponsored groups. Apple didn’t share any details of how or when these vulnerabilities were put to nefarious use, nor whether they were discovered by Apple’s own security teams or by external researchers.

Apple devices are known for their strong defenses, but are increasingly falling under hackers’ crosshairs. Recent research suggests that there were 20 active zero-day flaws targeting Apple products in 2023 – double the number of the previous year. According to BleepingComputer, three zero-day attacks on Apple devices have been patched so far in 2024.

This kind of exploit demonstrates why it’s so important to keep all of your devices updated with the latest patches, especially if they include security fixes. Leaving yourself vulnerable is a dangerous gamble when there are extremely sophisticated hacking groups out there in the wild. With that in mind, make sure you download the latest iOS 17.4 update as soon as you can.

You might also like

TechRadar – All the latest technology news

Read More