WhatsApp’s new security label will let you know if future third-party chats are safe

WhatsApp is currently testing a new in-app label letting you know whether or not a chat room has end-to-end encryption (E2EE).

WABetaInfo discovered the caption in the latest Android beta. According to the publication, it’ll appear underneath the contact and group name but only if the conversation is encrypted by the company’s “Signal Protocol” (Not to be confused with the Signal messaging app; the two are different.) The line is meant to serve as a “visual confirmation” informing everyone that outside forces cannot read what they’re talking about or listen to phone calls. WABetaInfo adds that the text will disappear after a few seconds, allowing the Last Seen indicator to take its place. At this moment, it’s unknown if the two lines will change back and forth or if Last Seen will permanently take the E2EE label’s place.

This may not seem like a big deal since it’s just four words with a lock icon. However, this small change is important because it indicates Meta is willing to embrace third-party interoperability.

See more

Third-party compatibility

On March 6, the tech giant published a report on its Engineering at Meta blog detailing how interoperability will work in Europe. The EU passed the Digital Markets Act in 2022 which, among other things, implemented new rules forcing major messaging platforms to let users communicate with third-party services. 

Meta’s post gets into the weeds explaining how interoperability will work. The main takeaway is the company wants partners to use their Signal Protocol. The standard serves as the basis for E2EE on WhatsApp and Messenger, so they want everyone to be on the same playing field.

Other services don’t have to use Signal. They can use their compatible protocols, although they must demonstrate they offer “the same security guarantees”. 

The wording here is pretty cut and dry: if a service doesn’t have the same level of protection, then WhatsApp won’t communicate with it. However, the beta suggests Meta is willing to be flexible. They may not completely shut out non-Signal-compliant platforms. At the very least, the company will inform its users that certain chat rooms may not be as well protected as the ones with E2EE enabled.

Interested Android owners can install the update from the Google Play Beta Program although there is a chance you may not receive the feature. WABetaInfo states it’s only available to a handful of testers. No word if WhatsApp on iOS will see the same patch.

While we have you, be sure to join TechRadar's official WhatsApp channel to get all the latest reviews on your phone.

You might also like

TechRadar – All the latest technology news

Read More

Another big reason to install iOS 17.4 right now – it fixes two major security threats

Apple has just launched iOS 17.4, and right now everyone’s attention is focused on how it lets you run third-party app stores on your iPhone – although only if you're in the European Union. But there’s another important reason you should upgrade: it fixes two extremely serious security flaws.

In a new security post (via BleepingComputer), Apple says that iOS 17.4 and iPadOS 17.4 resolve two zero-day bugs in the iOS kernel and Apple’s RTKit that might allow an attacker to bypass your device’s kernel memory protections. That could potentially give malicious actors very high-level access to your device, so it’s imperative that you patch your iPhone as soon as possible by opening the Settings app, going to General > Software Update and following the on-screen instructions.

These issues are not just hypothetical; Apple says it is “aware of a report that this issue may have been exploited” in both cases, and if a zero-day flaw has been actively exploited it means hackers have been able to take advantage of these issues without anyone knowing. With that in mind, there’s every reason to update your device now that Apple has issued a set of fixes.

Apple says the bugs affect a wide range of devices: the iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later. In other words, a lot of people are potentially impacted.

Actively exploited

holding an iphone

(Image credit: Shutterstock)

Zero-day flaws like these are usually exploited in targeted attacks, often by sophisticated state-sponsored groups. Apple didn’t share any details of how or when these vulnerabilities were put to nefarious use, nor whether they were discovered by Apple’s own security teams or by external researchers.

Apple devices are known for their strong defenses, but are increasingly falling under hackers’ crosshairs. Recent research suggests that there were 20 active zero-day flaws targeting Apple products in 2023 – double the number of the previous year. According to BleepingComputer, three zero-day attacks on Apple devices have been patched so far in 2024.

This kind of exploit demonstrates why it’s so important to keep all of your devices updated with the latest patches, especially if they include security fixes. Leaving yourself vulnerable is a dangerous gamble when there are extremely sophisticated hacking groups out there in the wild. With that in mind, make sure you download the latest iOS 17.4 update as soon as you can.

You might also like

TechRadar – All the latest technology news

Read More

Windows 10 gets security boost and bug fixes in Microsoft’s first big update of 2024

Microsoft might be pushing forward with integrating AI into as many aspects of Windows 11 as possible, but it’s not totally forgotten about Windows 10 users. The older version of Windows continues to be very popular among Windows’ user base, and fortunately for them, Microsoft has just released update KB5034122 for Windows 10 that brings an array of bug fixes and serious security upgrades. 

Two of the bugs that the update addresses are to do with smart card usage and an issue with scroll bars. Maybe not the most thrilling updates, but this is pretty in line with Microsoft’s messaging about Windows 10. 

According to the tech titan, it’s more or less closed up shop when it comes to working on significant new features for Windows 10 and users shouldn’t expect to see any major changes in the future. Update KB5034122 serves as evidence of this with it being mostly maintenance and fixes from Microsoft, but let’s not forget that Microsoft’s shiny new all-in-one AI assistant, Windows Copilot, was made available to Windows 10 users last year. We’ll have to see if Copilot will see upgrades and improvements in Windows 10 considering that its current functionality is fairly limited.

Microsoft Teams copilot

(Image credit: Microsoft Teams)

What's new in update KB5034122

This update tackles security issues, as well as a quality upgrade to Windows 10’s servicing stack, the Windows component that enables users to install Windows updates. Microsoft also gives more details about the bug fixes that are included in this update: 

You can find a full rundown of what this update addresses on Microsoft’s Support blog, and it does make note of some known issues that still exist in this version of Windows 10 and gives suggested workarounds with instructions. It follows up each workaround for each presently-existing problem with the following statement to reassure Windows 10 users: 

We are working on a resolution and will provide an update in an upcoming release.

KB5034122 should be prompted for install on Windows 10 devices automatically because it’s a security update, but if for whatever reason your Windows 10 device has not downloaded it already, you can download it manually. You should definitely do this as it’s important to have the most up to date security fixes no matter what Windows version you use, and you can get it from the Microsoft Update Catalog

Good for Microsoft for keeping an eye on Windows 10 and recognizing that it remains a fan favorite. However, it’s clearly determined to get as much use out of its investment and collaboration with OpenAI, utilising GPT technology however it can.

Recently, Windows watchers have spotted that Notepad is getting a ChatGPT-powered writing assistant and text editing AI tool, with some users expressing that they’d rather Notepad stayed the simple, straightforward app that it came to be known as. Perhaps as Microsoft goes down the path of ramping up AI integration, Windows 10 will be a refuge option for those that want their operating system and apps to be a little less intelligent. 

YOU MIGHT ALSO LIKE…

TechRadar – All the latest technology news

Read More