InfoSecBulletin Cybersecurity for mankind
WhatsApp introduces a privacy feature called “Protect IP Address in Calls.” This feature masks users’ IP addresses by relaying the calls through its servers.
WhatsApp stated that calls are end-to-end encrypted, meaning that even if a call goes through their servers, they cannot listen to the calls.
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
The main idea is to increase the difficulty for malicious people on the call to figure out the user’s location. This is done by securely sending the connection through WhatsApp servers. But, there is a small decrease in call quality when using the privacy option.
ALSO READ:
Microsoft Authenticator blocks suspicious MFA alerts by default
It’s similar to Apple’s iCloud Private Relay. It adds a layer of anonymity by routing users’ Safari browsing sessions through two secure internet relays.
The “Protect IP Address in Calls” feature has been in development since at least August 2023, according to WABetaInfo.
WhatsApp said that enabling this feature would relay all calls through their servers, protecting your IP address and preventing others from determining your general location.
“This new feature provides an additional layer of privacy and security particularly geared towards our most privacy-conscious users.”
The feature enhances user privacy and security by ensuring unwanted contact is filtered and minimizing the risk of zero-click attacks and spyware.
WhatsApp’s silenced call feature uses a special protocol to minimize the processing of data controlled by attackers. This is done by using a privacy token.
When making a call, the caller includes the recipient’s privacy token in the message. The server then checks the validity of the token and other factors to decide if the recipient allows the caller to call them.
“For privacy reasons, the server does not gain knowledge of the specific relationship between caller and recipient from the token.”
