
Monday 20 November 2017

Great!!! WhatsApp Finally Ready To Have “Admin Super Powers” Feature On Its Next Updates




Those who use the Telegram app will be familiar with the feature called “Admin Super Powers”. WhatsApp has brought in a lot of features recently, and another much-wanted one is coming soon.

These are the functions of the Admin Super Power:

The Power: The feature will allow the main administrator to have control over other admins. WhatsApp will prevent the group creator from being deleted by other administrators.

Subject Modifications: In a most-wanted change, administrators will be able to choose whether participants or other admins can modify the group’s description, icon, and subject. Once the setting that only admins can edit the subject, icon and description is enabled, a notification will appear stating that only admins are eligible to change the settings.

Restriction in Groups: This feature will allow an admin to disable the chat. That means users will only be able to read messages and won’t be able to send group text messages, images, videos, GIFs, documents or voice messages, or even start a new live location. While the group chat is disabled, a message will appear stating that “only admin can send messages in this group”. The settings of this feature can only be altered after 72 hours.

However, the feature roll out date has no specific time frame but was reported to come out around 2018.

What do you think about this new feature, cool or not?


Sunday 19 November 2017

Amazon Key hacked: Tech-savvy couriers could exploit cameras and sneak into homes



"Amazon Key" smart lock system could be exploited by tech-savvy delivery drivers.

The Amazon Key was always going to be a tough sell - is there a security risk?

Amazon has pledged to release a security patch after a team of cybersecurity researchers showed its delivery service, which lets couriers inside homes, could be hacked.

Security wise, the proposition of dropping off packages inside houses was always going to be a tough sell. And according to US firm Rhino Security Labs, issues in camera software linked to the "Amazon Key" smart lock system could be exploited by tech-savvy delivery drivers.

The new approach to drop-offs, announced on 25 October, is built upon a mobile application and a camera known as the Cloud Cam, which lets users watch the delivery as it's happening in real-time.

Upon arrival, couriers scan a barcode to confirm their identity and the details of the order, after which the camera automatically starts recording.

The smart lock opens the door and, while under the watchful eye of the home-owner, the application will later ping when the entrance is closed again.

Updates and notifications are provided at every step.

But according to Rhino Security Labs, a Wi-Fi cyberattack could disable the camera – essentially freezing the image on the application to make it look like the front door is shut, and locked. It does this with a technique known as "deauthorisation".

"The camera is very much something Amazon is relying on in pitching the security of this as a safe solution," Ben Caudill, the founder of Rhino Security Labs, told Wired.

"Disabling that camera on command is a pretty powerful capability when you're talking about environments, where you're relying heavily on that being a critical safety mechanism."

The company has also uploaded the proof-of-concept demo of the hack in action to YouTube.

In response, Amazon has confirmed a fix is on the way "later this week" that will give users a notification if the camera is tampered with or offline for an extended period of time. It stressed that all of its drivers go through "comprehensive" background checks.

"Safety and security are built into every aspect of the service," a spokesperson said, adding: "The service will not unlock the door if the Wi-Fi is disabled and the camera is not online."


Hackers Beat iPhone X’s Face ID Security In Just One Week





Hackers claim to have beaten Apple’s facial recognition security technology just one week after the iPhone X went on sale.

Apple has previously claimed their FaceID system on the new iPhone X cannot be fooled by photos, impersonators and masks but cyber security firm Bkav said a 3D-printed mask which costs $150 (£115) to make has already fooled the new software.

FaceID is used to unlock the new iPhone X, as well as allowing users to authorise payments and log in to apps. Apple has been using a fingerprint sensor embedded in the home button for several years, but completely removed the home button on the newest iPhone model.


The researchers said their findings proved that Face ID is ‘not an effective security measure’, although making the mask did require a detailed facial scan, and would be difficult for normal users to replicate.

When the iPhone X was unveiled in September, Apple claimed there was a ‘one in a million chance of another person being able to unlock the phone’ and said they’d ‘stress-tested the technology using silicone masks made by Hollywood studios’, writes the Telegraph.

Bkav constructed the mask using a combination of 3D printing, a silicone nose and printed images of the eyes.

In a video released by the company you can see Face ID supposedly being fooled when a cloth covering the mask is taken away.


The Telegraph states because the video ‘does not show Face ID being set up’, it cannot be confirmed Bkav’s technique actually works.

When asked who’d be targeted by the hack, they said:

Potential targets shall not be regular users, but billionaires, leaders of major corporations, nation leaders and agents like FBI need to understand the Face ID’s issue. Security units’ competitors, commercial rivals of corporations, and even nations might benefit from our PoC.

FaceID caused some embarrassment for Apple back when it was being unveiled ahead of its release.

Things obviously didn’t go according to plan when Craig Federighi, Apple senior vice president, attempted to demo the feature in front of the audience in the room and no doubt the millions of people watching at home.

Federighi was extolling the virtues of Face ID, telling the audience how easy it would be to operate and how secure the phone would be as a result.


And then he was left completely embarrassed when he tried to lift the phone to his face, only to be told to enter the code for the phone because it had failed. A classic.

Before the fiasco, Federighi said:

With iPhone X, your iPhone is locked until you look at it, and it recognises you. Nothing has ever been more simple, natural and effortless.

We call this Face ID. Face ID is the future of how we unlock our smartphones and protect our sensitive information.

Apple said their Face ID technology is unsuitable for children under the age of 13 or for twins, suggesting these users set up a passcode instead.

The company did not respond to a request by The Telegraph for comment on Bkav’s findings.

What is IcedID? Hackers using new banking Trojan to spy and steal from targets in US and UK



Security experts suspect that a small but experienced cybercrime gang may be running IcedID malware.

In addition to being equipped with data-stealing abilities, IcedID can also monitor victims’ online activities

A new banking Trojan dubbed IcedID has recently been spotted operating in the wild. Although IcedID is fairly new to the cybercrime arena, security experts suggest that the malware's capabilities are on par with Dridex, Zeus and Gozi – all of which are proliferating banking malware that have previously caused widespread destruction and chaos in cyberspace.

The hackers operating the malware are going after banks, payment card providers, mobile service providers and others in the US. The malware has also been found targeting two UK banks. In addition to being equipped with data-stealing abilities, IcedID can also monitor victims' online activities.

According to security researchers at IBM X-Force, who uncovered the banking malware, either an experienced hacker or a small cybercrime gang may likely be operating IcedID.

"X-Force's analysis of IcedID's delivery method suggests that its operators are not new to the cybercrime arena, opting to infect users via the Emotet Trojan," IBM researchers said in a blog. Although the malware does not borrow code from other malware strains, researchers say that it still comes packed with features that "allow it to perform advanced browser manipulation tactics" employed by other sophisticated banking Trojans.

The X-Force researchers say that the hackers operating IcedID are using Emotet – a well-known malware distribution tool. "It was originally a banking Trojan that preceded Dridex. As such, it is designed to amass and maintain botnets. Emotet persists on the machine and then fetches additional components such as a spamming module, a network worm module, and password and data stealers for Microsoft Outlook email and browser activity," X-Force researchers explained.

The malware can also steal data via both redirection and web injection attacks, similar to TrickBot and Dridex. The malware can spread over networks and infect terminal servers. Researchers believe that the malware may soon begin targeting businesses.

Given that IcedID is still the new kid on the cybercrime block, it is still uncertain how successful the malware may be in the future. However, X-Force researchers believe that the malware may soon be updated by hackers to make it even more potent.

How to Stop Spam Emails from Reaching Your Inbox




People all over the world have been dealing with spam emails finding their way into their mailboxes.

If you are very active online and enter your personal details on various websites anytime it is requested, your email may become inundated by unsolicited emails which go into your spam box.

Spam—phishing, marketing, and scam emails—is annoying, that we can all agree on.

Many people have made enquiries on how to stop these emails from getting into the inbox of people who use iMac, MacBook Pro, iPhone and iPad and www.macworld.com has highlighted how it can be achieved.

Internet email is built on the premise that every part of the system mostly trusts every other part. That’s one problem: because servers and messages are mostly trusted, scammers, spammers, and aggressive legitimate marketers can’t simply be blocked before the message lands at your email host, the site at which email is accepted for your address.

Another is that return addresses can be forged—at least some of the time—because there’s no verification system that ensures an email you receive was sent from the address shown to have sent it. There are ways for owners of domains and operators of mail servers to specify and validate the only legitimate servers that a return address comes from, but they’re neither universally deployed nor perfect.

And even if there were a way to prevent malicious and criminal parties from being able to send email from accounts under their control, an unknown, very large number of computers and email accounts have been hijacked or can be on a moment’s notice, sending scams through addresses that otherwise have only carried legitimate email until that point.

However, you can take steps that will help mitigate it, if you aren’t already. These are some of the steps:

Stop unwanted emails at your email host

Enable any spam-filtering options available. Apple automatically performs some blocking and filtering for iCloud. Some hosts, like Fastmail, plug in a well-known system called SpamAssassin, which uses a large set of rules to guess whether email is legitimate or not, or unwanted or not. You can train SpamAssassin, as you can train Gmail and other services by marking email as spam and, conversely, checking the junk or spam folder to mark messages as “ham”—desirable email.

Install SpamSieve for macOS to stop spam

SpamSieve is a very long-running, still regularly updated app that maintains its own database of spam and ham, and which plugs into Mail, Outlook, and other macOS email software. It relies on Bayesian analysis of spam and ham, letting it use word frequency to provide a probability of whether a given message is legit or should quit.
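To make the word-frequency idea and the "train by marking spam and ham" step concrete, here is a minimal naive Bayes scorer. It is an added example, not code from SpamSieve, SpamAssassin or Macworld; the class name, the tokenizer and the eight training messages are constructed for illustration.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9']+")

def tokenize(text):
    # Each distinct word counts once per message (presence, not repetition).
    return set(TOKEN.findall(text.lower()))

class BayesFilter:
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.messages = {"spam": 0, "ham": 0}

    def train(self, label, text):
        # Called whenever the user marks a message as spam or as ham.
        self.messages[label] += 1
        self.counts[label].update(tokenize(text))

    def likelihood(self, word, label):
        # P(word appears | label) with add-one smoothing, so a word never
        # seen in one class does not force the probability to 0 or 1.
        return (self.counts[label][word] + 1) / (self.messages[label] + 2)

    def spam_probability(self, text):
        # Work in log-odds to avoid underflow on long messages.
        log_odds = math.log((self.messages["spam"] + 1) / (self.messages["ham"] + 1))
        for word in tokenize(text):
            if word not in self.counts["spam"] and word not in self.counts["ham"]:
                continue  # a word seen in neither class carries no evidence
            log_odds += math.log(self.likelihood(word, "spam") / self.likelihood(word, "ham"))
        return 1 / (1 + math.exp(-log_odds))

# Constructed training data, standing in for a user's marked messages.
SPAM = [
    "Verify your account now to claim your free prize",
    "Your account is suspended, click here to verify your password",
    "Claim your free gift card now, limited offer",
    "Urgent: click here to confirm your bank password",
]
HAM = [
    "Lunch on Friday? Let me know what time works",
    "Attached is the invoice for the November project",
    "Can you review the project notes before the meeting on Friday",
    "Your order has shipped, here is the tracking number for the invoice",
]

def build_demo_filter():
    f = BayesFilter()
    for text in SPAM:
        f.train("spam", text)
    for text in HAM:
        f.train("ham", text)
    return f

if __name__ == "__main__":
    f = build_demo_filter()
    for msg in ("Click here to verify your bank account and claim your prize",
                "Can we move the project meeting to Friday"):
        print(f"{f.spam_probability(msg):.3f}  {msg}")
    # A legitimate message that shares words with the spam samples scores
    # high until the user marks it as ham, which shifts the word statistics.
    legit = "Your password reset link is here"
    before = f.spam_probability(legit)
    f.train("ham", legit)
    print(f"{before:.3f} -> {f.spam_probability(legit):.3f}  {legit}")
```

The last three lines show why checking the junk folder matters: a false positive only stops recurring once the filter has been given the counter-example.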

Set up rules to stop spam

Both on a mail host and in email software, like Apple’s Mail for macOS, you can set rules that filter incoming messages and mark them automatically as junk or throw them into the trash. I have a persistent spammer who, for some reason, isn’t automatically marked as spam and hasn’t been shut down despite operating openly from the same address and domain. Tired of marking by hand, I created a filter that marks the messages as junk.

Never click a URL in an email

Phishing relies on fooling you about messages, so even if you take all protections above, you’ll still wind up with messages that look real. I’ve taken to rarely clicking on a link, but instead visiting a site if I need to know something, unless I can absolutely be confident the URL looks exactly like what I expect.

Mail software can do a lot more. For example, you can blacklist and whitelist URLs, so that messages that contained certain paths or pointed to any domain would require extra steps to go through, while links to legitimate domains were highlighted to show they have been both verified as secure and you’d marked them as acceptable.

Decades into the spam battle, the weapons of defence still seem pretty paltry.

Apple support has also identified ways by which you can report junk mail to reduce the amount you receive.

Report junk mail

You can report junk mail to the mail administrators of both iCloud and the Internet domain from which the email was sent. If the administrators can verify that the message is junk mail, they can help make sure that future messages from that sender aren’t delivered to your mailbox. Follow the instructions for your email client:

Mail on your Mac

  • Open the message and choose Forward as Attachment from the Message menu.
  • Forward the message to iCloud spam@icloud.com.
  • Forward the message again to abuse@domain, replacing domain with the part of the sender’s email address after the @ symbol. For example, if the sender’s email address is spammer@spammydomain.com, forward the message to abuse@spammydomain.com.

Microsoft Outlook 2010

  1. Choose File > Options.
  2. In the Options window, click Mail in the left-hand panel.
  3. In the Replies and Forwards section, note the current setting so that you can change it back later. Then change the When forwarding a message setting to Attach original message.
  4. Click OK.
  5. Forward the message to iCloud spam@icloud.com.
  6. Forward the message again to abuse@domain, replacing domain with the part of the sender’s email address after the @ symbol. For example, if the sender’s email address is spammer@spammydomain.com, forward the message to abuse@spammydomain.com.
  7. To return Outlook to your previous settings, repeat steps 1 to 4, but in step 3 change the When forwarding a message setting back to the way it was. If you don’t remember the setting, choose Include original message text.


Friday 17 November 2017

Welcome to the New Data Revolution with Glo & Iflix! Enjoy Unbelievable Internet Subscription rates




Subscribers on the network of the grandmasters of data, Globacom, are in for excess data season as the company once again blazed the trail by launching a new data revolution, which confers on its subscribers, an unfair advantage with unmatched data packages; the biggest ever in the industry.

The launch of the Glo Data Revolution was done alongside the unveiling of  an exclusive partnership with Iflix, the world’s leading entertainment services for emerging markets, which gives the teeming subscribers of the telecoms firm, 60 days of unlimited access to the world’s best television programmes, series, movies, cartoons and more on their devices.

Speaking at the launch of the super-size offer on Monday at the company’s headquarters, Mike Adenuga Towers in Lagos, Globacom’s Regional Director, Planning and Technical, Sanjib Roy said the new offer gives both new and existing subscribers who renew their subscriptions before expiration up to 4GB of data for just N1,000. This 4GB data, for example, translates to about 4,000 pages of web browsing.

In the same vein, the 12.5GB is given for a N2,500 data bundle. This, for instance, could be used for 250 hours of content broadcast.  Just as subscribers stand to gain 24GB for N4,000 and a massive 30GB for N5,000.  The 30GB for N5,000 can enable the subscriber to enjoy videos for over 600 hours, for instance.  

The Globacom top official added that for small plans, new subscribers and those who renew with N100 subscription will have a 90MB bundle; while for N200, they will get 250MB with which they can send 400 emails for example.   For N500, the customer gets a whopping 2GB of data, which the subscribers can use to do 10 days of unlimited chatting if need be, Roy explained.

According to him, the new bundle offers are unprecedented and the biggest thing in Nigeria’s telecom history, adding that “never has the subscriber to any network in Nigeria had it so big and so good. All you need to do is get on the Glo data network and stay on by continuing to renew your subscription to enjoy the benefits that give you the unfair advantage over other data users”.

Explaining the  Glo-Iflix partnership, which is available on the Glo Café platform, Roy said that beyond giving subscribers of the telecoms firm, 60 days of unlimited access to the world’s best television programmes, series, movies, cartoons and more on their devices, after the 60 days, the Glo subscribers will get access at a specially discounted price of N100 per month only.  Subscribers need to send “Buzz” to 105 to access the Iflix service.

Iflix, he reiterated, offers subscribers the most extensive selection of iconic, critically-acclaimed TV series and fan-favourite films both internationally and locally available in the region, including hit titles such as Big Bang Theory, Suits, Flash, Arrow, Hercules, Mission Impossible,  as well as highly anticipated Bollywood hits ABCD, Chennai Express, Phantom, and PK. On the local front, Iflix offers such Nollywood titles as Head Gone, Jenifa’s Diary, The visit, Bukas and Joints and much more.

In addition to the above, the company also offers subscribers who recharge N500 and above free YouTube streaming from 1.00 am to 5.30 am. YouTube is a popular video-sharing site that allows users to upload, view, rate, share, add to favorites, report, and comment on videos. All the subscriber needs to do is dial *777# to buy a data plan to activate the services.


What is EngineerMode? Hidden OnePlus backdoor could allow hackers to take over your phone

What is EngineerMode? Hidden OnePlus backdoor could allow hackers to take over your phone



Researchers have discovered an APK on most OnePlus devices that could allow hackers to root the device

Security researchers have discovered a hidden backdoor inadvertently left on many OnePlus smartphones that could be exploited by hackers to gain full access to users' devices. Robert Baptiste, a security researcher going by the name Elliot Alderson - an ode to the character in the popular Mr Robot TV series - discovered a factory-installed app on OnePlus devices that could be used by hackers to obtain root access to the phone, its files and software using just a few lines of code.

The researcher said he discovered the EngineerMode app when examining the latest firmware for the OnePlus 5 handset and said it could be exploited to allow root level control of devices running the firmware oneplus_5_oxygenos_4.5.14.

The app can diagnose GPS, check the root status and perform numerous automated tests and hardware scans among other functions. However, Baptiste found that by launching the "DiagEnabled" activity in the app with a specific password, the device could be rooted to give an attacker total control over it.

The EngineerMode tool, made by Qualcomm, comes pre-installed on most OnePlus devices including OnePlus 2, 3, 3T and the newly launched OnePlus 5.

Although the tool is password-protected, researchers at security firm NowSecure have already managed to crack the password.

"With the password, the EngineerMode app enables a debugging mode that is generally only needed for development of the device and grants full root privileges on the device via a simple ADB command or potentially by installing an APK from the Play Store," the NowSecure Mobile Threat Research Team wrote in a blog post.

Upon entering the password "angela" - likely another Mr Robot reference to the character Angela Moss - the developer gains permanent root access to the Android Debug Bridge process and, essentially, root privileges on the affected OnePlus device.

However, hackers would need to have physical access to the phone to carry out the exploit.

"At this time, the (app) is most useful to an attacker with physical access to a OnePlus device or an owner looking to root their own device," NowSecure said. "What seems especially careless is OnePlus leaving behind a system-signed .apk and a native library with a SHA256 hash of the password that was easily reversed."

To find out if your OnePlus device has EngineerMode installed, head over to the device's "Settings" > "Apps" > "Menu" > "Show System Apps." You can then search for EngineerMode in the app list to check if it is installed.

OnePlus later said the EngineerMode is a "diagnostic tool mainly used for factory production line functionality testing and after sales support".

"We've seen several statements by community developers that are worried because this apk grants root privileges," the Chinese smartphone maker said in a statement. "While it can enable adb [Android Debug Bridge] root which provides privileges for adb commands, it will not let 3rd party apps access full root privileges. Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device."

"While we don't see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb root function from EngineerMode in an upcoming OTA."

The news comes just a month after OnePlus was discovered collecting its users' sensitive, personally identifiable information. It later scaled back its data collection programme. It also comes as its new OnePlus 5T is launched.