InfoSecBulletin Cybersecurity for mankind
WhatsApp introduces a privacy feature called “Protect IP Address in Calls.” This feature masks users’ IP addresses by relaying the calls through its servers.
WhatsApp stated that calls are end-to-end encrypted, meaning that even if a call goes through their servers, they cannot listen to the calls.
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
CISA released best practices to secure Microsoft 365 Cloud environments
Data breach! Ireland fines Meta $264 million, Australia $50m
The main idea is to increase the difficulty for malicious people on the call to figure out the user’s location. This is done by securely sending the connection through WhatsApp servers. But, there is a small decrease in call quality when using the privacy option.
ALSO READ:
Microsoft Authenticator blocks suspicious MFA alerts by default
It’s similar to Apple’s iCloud Private Relay. It adds a layer of anonymity by routing users’ Safari browsing sessions through two secure internet relays.
The “Protect IP Address in Calls” feature has been in development since at least August 2023, according to WABetaInfo.
WhatsApp said that enabling this feature would relay all calls through their servers, protecting your IP address and preventing others from determining your general location.
“This new feature provides an additional layer of privacy and security particularly geared towards our most privacy-conscious users.”
The feature enhances user privacy and security by ensuring unwanted contact is filtered and minimizing the risk of zero-click attacks and spyware.
WhatsApp’s silenced call feature uses a special protocol to minimize the processing of data controlled by attackers. This is done by using a privacy token.
When making a call, the caller includes the recipient’s privacy token in the message. The server then checks the validity of the token and other factors to decide if the recipient allows the caller to call them.
“For privacy reasons, the server does not gain knowledge of the specific relationship between caller and recipient from the token.”
