Dhaka, Aug 8 (UNB) - A newly released tool that exploits a vulnerability in Facebook’s WhatsApp allows you to "put words in people’s mouths", researchers say.
A team from cybersecurity firm Checkpoint has demonstrated how the tool can be used to alter the text within quoted messages, making it look as if a person had said something they did not, reports the BBC.
Researcher Oded Vanunu told the BBC the tool made it possible for “malicious actors” to manipulate conversations on the platform.
Facebook would not provide a comment on the issue.
The tool was demonstrated at Black Hat, a cyber-security conference in Las Vegas, as a follow up to a research paper published by Checkpoint last year.
“It’s a vulnerability that allows a malicious user to create fake news and create fraud,” Mr Vanunu explained.
The tool makes it possible to manipulate WhatsApp’s quoting feature to make it look like someone had written something they had not.
“You can completely change what someone says,” Mr Vanunu said. “You can completely manipulate every character in the quote.”
The tool also allows an attacker to change how the sender of the message is identified, making it possible to attribute a comment to a different source.
A third issue highlighted by researchers has been successfully fixed by Facebook. That flaw could trick users into believing they were sending a private message to one person, when in fact their reply went to a more public group.
But Mr Vanunu said Facebook had told them the other issues could not be resolved due to “infrastructure limitations” on WhatsApp.
In particular, the encryption technology used by WhatsApp made it extremely difficult - perhaps impossible - for the company to monitor and verify the authenticity of messages being sent by users. Other potential measures to stop the problems highlighted could result in trade-offs in the usability of the app, researchers were told.
When asked by the BBC why his team would release a tool that made it easier for others to exploit the vulnerability, Mr Vanunu defended the move, saying he hoped it would provoke discussion.
“[WhatsApp] serves 30% of the global population. It's our responsibility. There is a big problem with fake news and manipulation. It's infrastructure that serves more than 1.5 billion users.
"We cannot like put it aside and say: 'Okay, this is not happening.’"
The spread of misinformation on WhatsApp has been a major cause of concern, particularly in countries such as India and Brazil, where misinformation has led to instances of violence, and in some cases, death.
WhatsApp made changes to its platform in an effort to reduce the spread of misinformation, such as limiting the number of times a message could be forwarded.
San Francisco, Jul 25 (AP/UNB) — Facebook survived its latest brush with U.S. privacy regulators, at the cost of a record $5 billion fine and other restrictions imposed by the Federal Trade Commission. But it's far from home free.
While the company looks set to prosper in the wake of the FTC case, it faces a series of other investigations into its privacy practices in Europe and across the U.S. Concerns over the limits of the just-settled probe could fuel efforts to craft tougher privacy laws at the state and federal level.
The social network is also gearing up to fight investigations into its allegedly anticompetitive behavior, such as Facebook's habit of buying would-be rivals like Instagram and blatantly duplicating features introduced by competing services.
The Department of Justice opened a broad antitrust probe focused on technology companies on Tuesday. On Wednesday Facebook disclosed that it also faces a fresh FTC investigation into alleged anticompetitive behavior. It didn't provide details of the scope or focus of the probe. Representatives of the FTC confirmed the antitrust investigation but offered no additional information.
The outcome of these investigations may well determine whether the world's governments can actually rein in a transnational corporation that directly touches almost a third of the world's population.
The FTC penalties, viewed by some as a stunning rebuke to the social network, might well crush a smaller firm. But they seem unlikely to faze Facebook — the fine, for instance, amounts to less than 10% of Facebook's annual revenue and not even a quarter of its annual profits. Some critics charge that the FTC didn't deliver much more than a slap on the wrist.
"Facebook makes that much money in a couple of weeks," said Siva Vaidhyanathan, a University of Virginia professor and author of "Antisocial Media: How Facebook Disconnects Us and Undermines Democracy." The company is free to "get back to business as usual," he said.
Wall Street seems to agree. Facebook's stock price climbed higher Wednesday after the deal was announced. The company is worth much more than it was when its Cambridge Analytica privacy scandal erupted back in March 2018. On Wednesday, Facebook's market value hovered around $575 billion — roughly $40 billion above where it stood before the news of the Cambridge abuses broke.
Ashkan Soltani, a former FTC chief technologist, said the settlement was effectively "a get-out-of-jail free card for Facebook." The deal absolves Facebook of any consumer-protection claims prior to June 12 of this year, a highly unusual step that effectively wipes the slate clean where known historical privacy violations are concerned.
Soltani and other critics also note that the FTC settlement barely touches Facebook's underlying business practices, which rely on the collection and analysis of its users' activities and personal details to fuel the company's lucrative advertising machine. In its formal legal complaint, the FTC used the word "deceptive" 14 times to describe Facebook's practices and policies.
"There is a lot more to come on the regulatory front for Facebook," said Debra Aho Williamson, analyst with the research firm eMarketer. To pre-empt this and do things on its own terms, Williamson said the company is "going to do whatever it can" to change its business model and the way it gathers data.
Facebook has already signaled that this is coming. Earlier this year, CEO Mark Zuckerberg unveiled a new "privacy focused" vision for the company that centers on private messaging and encrypted communications. The details are scant. But it shows that the company is thinking years into the future even as regulators are investigating and punishing it for years-past violations.
As part of the FTC's settlement with Facebook, Zuckerberg will have to personally certify his company's compliance with its privacy programs. The FTC said that false certifications could expose him to civil or criminal penalties. But the settlement did not hold Zuckerberg personally liable for the past violations, as some had expected.
In a Facebook post Wednesday, Zuckerberg vowed to "make some major structural changes to how we build products and run this company" as a result of the settlement. "We have a responsibility to protect people's privacy. We already work hard to live up to this responsibility, but now we're going to set a completely new standard for our industry."
In a similar tone, FTC Chairman Joe Simons, speaking at a news conference, said the settlement is "unprecedented in the history of the FTC" and is designed "to change Facebook's entire privacy culture to decrease the likelihood of continued violations."
Simons, however, acknowledged that the FTC's powers were limited. It could not, for instance, fine Facebook $10 billion or target Zuckerberg personally for investigation. "We cannot impose such things by our own fiat," he said at a news conference following release of the settlement.
Three Republican commissioners voted for the fine while two Democrats opposed it. Their wish list included specific punishment for Zuckerberg, strict limits on what data Facebook can collect and possibly even breaking off subsidiaries such as WhatsApp and Instagram.
Nonetheless, the regulators touted the agreement as imposing a "sea change" on how Facebook handles the privacy of people's data. Simons called it "a belt-and-suspenders approach to compliance" — with five overlapping "channels" both inside and outside Facebook.
For instance, there is a new, independent committee of Facebook's board that focuses on privacy alone. As agreed, Zuckerberg and the new designated compliance officers must each, independently, certify to the FTC that Facebook is in compliance. Falsely certifying would subject Zuckerberg and the officers to personal liability, including civil and criminal penalties.
Commissioner Noah Phillips compared that to the regime imposed on corporate CEOs following the wave of accounting scandals in 2001-2002 that began with Enron. CEOs now are required by law to personally vouch for the accuracy of their financial reports.
Dhaka, Jul 24 (UNB) - Facebook is facing immense pressure from US regulators over its plans to launch a digital currency, Libra, in association with more than 20 partners including Visa, MasterCard and Uber, reports the BBC.
As well as co-creating the Libra currency, Facebook plans, on its own, to offer its own digital wallet, called Calibra. Like a physical wallet with cash, Calibra will store a user’s Libra, and make it possible to engage in transactions with other wallets.
Libra has the potential, lawmakers say, to dramatically disrupt the global banking industry - a digital currency that can cross borders, without the wild price fluctuations and illegal connotations of Bitcoin and its ilk.
Which is why David Marcus, the Facebook executive leading its currency project, was brought in front of two US congressional committees last week to answer concerns.
“I want to be clear,” Mr Marcus said in his opening statement to US lawmakers. "Facebook will not offer the Libra digital currency until we have fully addressed regulatory concerns and received appropriate approvals."
But what exactly did that mean? A pledge not to launch anywhere without US approval, or just a pledge not to launch in the US?
No clear answer
Almost a week later, it’s difficult to get a clear answer from Facebook about whether it feels it needs US lawmakers on board in order for Libra to go ahead.
Midway through last Wednesday’s hearing, the second two-hour-long session, I dropped the company a note seeking clarification.
“If the US doesn't give approval, but Facebook gets approval elsewhere in the world, will Libra’s launch go ahead in those places?” I asked.
A spokeswoman replied, telling me: "David [Marcus] committed that Facebook will not offer the Libra digital currency until we have fully addressed regulatory concerns and received appropriate approvals. This is Facebook’s commitment. We will be offering Libra through Calibra. Calibra will only launch in jurisdictions in which we have approval to launch.”
That didn’t quite answer the question on whether the Libra project would still go ahead if the US didn’t approve, or if Calibra - the part which Facebook will run on its own - would be available in other countries, if not the US. So I tried again.
"If the US is yet to approve Libra/Calibra, but country X does, will Facebook launch Calibra in country X?”
The spokeswoman said she wouldn’t comment on a hypothetical scenario. Fine. I tried again.
"Is it Facebook’s position, today, that in the absence of US regulatory approval, it intends to launch Libra in other markets, subject to local regulators’ approval?”
“Nothing more to share on this,” the spokeswoman said.
It’s hard to stay out of the weeds on this one. Technically, Facebook isn’t in charge of the Libra Association, and so can’t be solely responsible for its actions. But when I tried to reach the other partners on the project to get their view, most directed me back. “Facebook is spearheading [leading],” said one rep from a payments company. “You need to talk to them.”
Facebook’s spokeswoman confirmed to me that when Mr Marcus made his commitments to Congress, he was referring specifically to Calibra, the wallet, rather than the wider Libra currency. A spokeswoman for the Libra Association said on Tuesday it would only launch when it had "addressed applicable regulatory issues and received appropriate approvals". But that likely won’t be enough for US lawmakers concerned about the impact the project could have on the dollar.
"Mr Marcus was very clear that Facebook 'would not launch until all concerns are addressed' and I believe he is a man of his word,” senator Mark Warner, who sits on the Senate Banking Committee, wrote in an email to BBC News.
"With Libra backed by the US dollar and dollar-denominated securities, its launch will have very real consequences - and poses very legitimate stability and soundness concerns - for the US, even if Facebook chose not to launch it in the US.
"I appreciate Facebook engaging policymakers on this front and fully expect them to adhere to Mr Marcus’s commitment not to launch Libra - full stop - unless and until the concerns of regulators are addressed.”
There could, however, be little the US can do - the Libra Association will be headquartered in Switzerland. On Tuesday, a Facebook spokeswoman reiterated the view that it would seek approval in the jurisdictions in which it operates.
"Engaging with regulators, policymakers, and experts is critical to Libra’s success,” the spokeswoman said.
"This was the whole reason that Facebook along with other members of the Libra Association shared our plans early. The time between now and launch is designed to be an open, collaborative process. We will take the time to get this right.”
But, again, neither Facebook, nor a spokeswoman for the Libra Association itself, would be drawn on what would happen elsewhere if the US feels Libra should not go ahead.
Washington, Jul 18 (AP/UNB) — Facebook endured a second day of criticism from Congress over its plan to create a digital currency as senior House Democrats asked Facebook to scale back the project and threatened legislation that would block big tech companies from getting into banking.
Facebook's massive market power and its record of scandals, fines and privacy breaches were on trial at a hearing Wednesday of the House Financial Services Committee. Lawmakers from both parties insisted they cannot trust the social network giant.
"I think you're pretty low on the trust spectrum right now, and understandably," Rep. Vicente Gonzalez, D-Texas, told David Marcus, the Facebook executive leading the project. It was Marcus' second straight day of tough questioning by lawmakers.
Among their concerns is the risk that the new currency, to be called Libra, could be used for illicit activity such as money laundering or drug trafficking. Lawmakers also worry that the massive reserve created with money used to buy Libra could supplant the Federal Reserve and destabilize the financial system, and that consumers could be hurt by Libra losses.
The committee's leader, Rep. Maxine Waters, D-Calif., has asked Facebook to suspend its plan for the new currency until regulators and lawmakers have a chance to fully review it. She renewed that demand to Marcus.
Rep. Carolyn Maloney, D-N.Y., asked that Facebook commit to starting with a pilot project with no more than a million users, overseen by the Federal Reserve.
If Facebook cannot meet that request, Maloney said, "then Congress should seriously consider stopping this project from moving forward."
Waters held out the prospect of legislation that would prohibit big tech companies such as Facebook, Google, Amazon and Apple from becoming chartered or licensed as U.S. financial institutions, and thus able to offer banking services, and specifically from establishing a digital currency.
Facebook, marshaling its more than 2 billion users around the world, "is apparently trying to create a new global financial system that will compete with the U.S. dollar," Waters said.
The congressional criticism thickened the cloud over Facebook's plan, coming after negative statements and expressions of concern from the two most powerful financial regulators, Fed Chairman Jerome Powell and Treasury Secretary Steven Mnuchin, as well as from President Donald Trump himself.
In a rare endorsement of Trump's views, committee Democrats projected his negative tweets last week about cryptocurrencies and Libra on a giant electronic screen in the hearing room. Trump said Libra "will have little standing or dependability."
As he did at Tuesday's hearing by the Senate Banking, Housing and Urban Affairs Committee, Marcus repeatedly took pains to assure lawmakers that Facebook would not launch the currency project until it had received all the necessary approvals from regulators and secured safeguards to protect the privacy of users' data. He said Facebook will not control Libra because Facebook will be only one of about 100 companies and nonprofits in an association that will manage the currency.
Marcus said the plan would open low-cost online commerce to millions of people around the world who lack access to bank accounts and would make it cheaper to send money across borders.
He did not agree to a suspension of the plan or a pilot project.
"We will take the time to get this right," Marcus said.
He said Facebook isn't looking to base the Libra project in Switzerland in order to evade oversight, but because that country is recognized as an international financial center.
Acknowledging lawmakers' concerns over Facebook's record on data privacy, Marcus said, "I think trust is essential and it's clear we've made mistakes. We're owning these mistakes."
The committee's senior Republican, Rep. Patrick McHenry of North Carolina, said skepticism over the project is justified but the effort should not be prohibited outright. A thorough review is needed, "instead of a knee-jerk reaction of banning something before it begins," McHenry said.
Rep. Tom Emmer, R-Minn., said the legislation Waters is proposing to ban big tech companies from banking "has no constitutional basis."
Marcus' assurance that Facebook won't control Libra failed to convince Rep. Brad Sherman, D-Calif., who focused on Facebook CEO Mark Zuckerberg.
"This is the Zuck buck," Sherman insisted. "This is a godsend to drug dealers" and other criminals. "Zuckerberg has billions but he doesn't have the authority to print more. ... This is an attempt to transfer enormous power from America to Facebook and its allies."
The planned digital currency is to be a blend of multiple currencies, which means the exchange rate will fluctuate.
Washington, July 17 (AP/UNB) — Under sharp criticism from senators, a Facebook executive on Tuesday defended the social network's ambitious plan to create a digital currency and pledged to work with regulators to achieve a system that protects the privacy of users' data.
"We know we need to take the time to get this right," David Marcus, the Facebook executive leading the project, told the Senate Banking Committee at a hearing.
But that message did little to assure senators. Members of both parties demanded to know why a company with massive market power and a track record of scandals should be trusted with such a far-reaching project, given the potential for fraud, abuse and criminal activity.
"Facebook is dangerous," asserted Sen. Sherrod Brown of Ohio, the committee's senior Democrat. Like a toddler playing with matches, "Facebook has burned down the house over and over," he told Marcus. "Do you really think people should trust you with their bank accounts and their money?"
Republican Sen. Martha McSally of Arizona said "the core issue here is trust." Users won't be able to opt out of providing their personal data when joining the new digital wallet for Libra, McSally said. "Arizonans will be more likely to be scammed" using the currency, she said.
The litany of criticism came as Congress began two days of hearings on the currency planned by Facebook, to be called Libra. Meanwhile, a House Judiciary subcommittee extended its bipartisan investigation of the market power of Facebook, Google, Amazon and Apple.
On the defensive from bursts of aggressive questioning, Facebook's Marcus indicated the currency plan is a work in progress. "We will take the time" to ensure the network won't be open to use by criminals and illicit activity like money laundering and financial fraud. "We hope that we'll avoid conflicts of interest. We have a lot of work to do," Marcus said.
He said the new venture would be headquartered in Switzerland, not to avoid oversight but because the country is a recognized international financial center.
The grilling followed a series of negative comments and warnings about the Libra plan in recent days from President Donald Trump, his treasury secretary and the head of the Federal Reserve.
But some senators emphasized the potential positive benefits of Facebook's plan, meant to bring money transacting at low cost to millions around the globe who don't have bank accounts. Facebook had its strong defenders of the project, too, on the panel.
"To strangle this baby in the crib is wildly premature," said Sen. Pat Toomey, R-Pa.
In that vein, Marcus said Libra "is about developing a safe, secure and low-cost way for people to move money efficiently around the world. We believe that Libra can make real progress toward building a more inclusive financial infrastructure."
The planned digital currency is to be a blend of multiple currencies, so that its value will fluctuate in any given local currency. Because Libra will be backed by a reserve, and because the group of companies managing it will encourage a competitive system of exchanges, the project leaders say, "anyone with Libra has a high degree of assurance they can sell it for local (sovereign) currency based on an exchange rate."
Promising low fees, the new currency system could open online commerce to millions of people around the world who lack access to bank accounts and make it cheaper to send money across borders. But it also raises concerns over the privacy of users' data and the potential for criminals to use it for money laundering and fraud.
To address privacy concerns, Facebook created a nonprofit oversight association, with dozens of partners including PayPal, Uber, Spotify, Visa and MasterCard, to govern Libra. As one among many in the association, Facebook says it won't have any special rights or privileges. It also created a "digital wallet" subsidiary, Calibra, to work on the technology, separately from its main social media business. While Facebook owns and controls Calibra, it won't see financial data from it, the company says.
Senators demanded to know exactly what that separation will entail.
"Facebook isn't a company; it's a country," said Sen. John Kennedy, R-La. Kennedy and other conservative senators took the occasion to air long-standing grievances against Facebook, Twitter and Google for a perceived bias against conservative views.
Facebook's currency proposal has also faced heavy skepticism from the Trump administration.
Trump tweeted last week that the new currency, Libra, "will have little standing or dependability." Both Treasury Secretary Steven Mnuchin and Fed Chair Jerome Powell have expressed serious concerns recently that Libra could be used for illicit activity.
The Treasury Department has "very serious concerns that Libra could be misused by money launderers and terrorist financers," Mnuchin told reporters at the White House on Monday. "This is indeed a national security issue."
Also Tuesday, across the Capitol in the House, the chairman of a Judiciary Committee panel investigating the market power of big tech companies said Congress and antitrust regulators wrongly allowed them to regulate themselves. That enabled companies like Facebook, Google, Amazon and Apple to operate out of control, dominating the internet and choking off online innovation, Rep. David Cicilline, D-R.I., said at the start of a hearing.
"The internet has become increasingly concentrated, less open, and growingly hostile to innovation and entrepreneurship," he said.
As concerns have mounted over data privacy and market dominance of Big Tech, an increasing number of lawmakers from both parties are calling for tighter regulation of customarily free-wheeling companies or even breaking them up. The Justice Department and the Federal Trade Commission are pursuing antitrust investigations of the four major companies.
Executives of the companies, testifying at the Judiciary hearing, pushed back against lawmakers' accusations that they operate as monopolies, laying out ways in which they say they compete fairly yet vigorously against rivals in the marketplace.
And Google executive Karan Bhatia, at a Senate Judiciary subcommittee hearing on online bias, insisted that the company's search engine does not filter on the basis of political views. "We surface the results that are most responsive," he said. "We don't use political (markers) to blacklist or whitelist."