On this tracker, each week we will curate a selection of stories about online security.
Whatsapp flaw leaves certain personal user data open to hackers
Software engineer Robert Heaton has discovered that the log where Whatsapp captures the time when an user is online and offline can be access via a simple Chrome extension with four lines of code. The data can be correlated to identify when two people are messaging each other, or even when more than two people are exchanging messages. When you go to sleep and when you wake up can also be determined via the data stored in the log. Advertisers will like this data, as it can used to target ads. Read more about this on Heaton’s blog.
WiFi security protocol cracked?
It appears that the WPA2 ( Wi-Fi Protected Access II) security protocol, which most WiFi routers use, has “several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected,” an US-CERT (United States Computer Emergency Readiness Team) advisory said.
Cyber warfare division under Ministry of Defence
The Ministry of Defence is expected to soon have a separate division tackling cyber warfare. It is currently waiting for requisite approvals from the Ministry of Law & Justice and other government departments. This special division will be based in Delhi and work with the National Cyber Security Advisor. This division is expected to have over 1000 members, and will primarily focus of non-civilian cyber security issues, and critical infrastructure. Read more about this in The Indian Express.
BSE’s cyber security centre
The Bombay Stock Exchange (BSE) has set up a Cyber Security Operations Centre (SOC) at its premises. BSE’s managing director and CEO, Ashishkumar Chauhan told PTI that the new SOC will help BSE stay up to date with the latest threat intelligence, thereby increasing chances of detection of security threats internally. Apparently, BSE will also be investing in in anti-advance persistent threat capability, deception technology and forensic capabilities, among others. It’s worth noting that this news comes about a month after American credit rating agency, Equifax revealed it had suffered a data breach between May and July 2017.
Cyber security co-operation between India and US
This month, two delegations from the United States have arrived in India to discuss collaborations and cooperation in the field of cyber security, among others. The first delegation, headed by the Governor of Colorado, John Hickenlooper has held talks with 10 India companies with the objective of collaborating on cyber security issues at the National Cyber Security Center, Colorado Springs. They have also held discussions with the Government of Maharashtra. The second delegation, led by Congressman Lamar Smith, who is the Chairman of the House Committee on Science, Space and Technology, will be discussing cyber security cooperation over the next few days in Bangalore and New Delhi.