WhatsApp Enumeration, Moscow’s Ultimatum & the License‑Plate Dragnet

This week brings three developments: a troubling tech hiccup, a high‑stakes government ultimatum, and a sweeping surveillance revelation. Together these stories show how technical vulnerabilities, state pressure, and mass surveillance are colliding to reshape who can communicate securely and where privacy still exists.

WhatsApp’s Contact‑Discovery Flaw Put 3.5 Billion Numbers at Risk

A flaw in WhatsApp’s contact‑discovery feature let researchers enumerate which phone numbers are registered to the service and, for users with permissive privacy settings, pull profile photos and text. University of Vienna researchers developed a “dictionary” attack that could check numbers at roughly 7,000 per second, potentially affecting the platform’s entire active user base of about 3.5 billion accounts. The issue was reported via Meta’s bug bounty program and mitigated by stricter rate limiting in October, and Meta says it has found no evidence of abuse; however, the weakness had been exploitable for at least a year and similar methods were demonstrated by researchers as far back as 2012 and in 2019.

The implications are serious: confirming that a number is active raises its value to spammers, scammers and threat actors and can endanger people in sensitive situations (e.g., dissidents or journalists). Researchers warn that, had malicious actors used the same approach, it would rank as the largest data scrape by record count. The episode highlights the difficulty of keeping convenience features like contact discovery safe and underlines the importance of stronger rate limiting, proactive fixes, and users tightening their privacy settings where possible.
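The mitigation the article names is rate limiting on the contact-discovery endpoint. The example below is added here to show what that looks like from the service side; it is not WhatsApp's or the researchers' code. It assumes a hypothetical per-client identifier (a device or API key), uses constructed client names and phone numbers, and replays two synthetic traffic patterns through a sliding-window limiter: an address-book sync of 20 lookups over a minute, and a burst at the roughly 7,000-per-second rate the researchers reported. The limiter caps each client at 100 lookups per 60 seconds (a placeholder budget, not the platform's real setting) and the flagging helper lists any client that hit the cap.

```python
from collections import defaultdict, deque
from typing import Deque, Dict, Iterable, List, NamedTuple, Tuple


class Lookup(NamedTuple):
    """One contact-discovery request: a client asking whether a number is registered."""
    client_id: str   # hypothetical per-device / API-key identifier
    ts: float        # request time in seconds
    number: str      # number being checked (constructed sample value, not a real number)


class SlidingWindowLimiter:
    """Allow at most `max_lookups` requests per client in any `window_s`-second span.

    Each client keeps a deque of accepted request timestamps. Before a new request
    is judged, timestamps that have fallen out of the window are evicted, so the
    budget refills continuously rather than at fixed interval boundaries.
    """

    def __init__(self, max_lookups: int, window_s: float) -> None:
        self.max_lookups = max_lookups
        self.window_s = window_s
        self._accepted: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, client_id: str, ts: float) -> bool:
        q = self._accepted[client_id]
        while q and ts - q[0] >= self.window_s:
            q.popleft()                      # drop requests older than the window
        if len(q) >= self.max_lookups:
            return False                     # over budget: reject, answer nothing
        q.append(ts)
        return True


def apply_limiter(events: Iterable[Lookup], max_lookups: int,
                  window_s: float) -> Dict[str, Tuple[int, int]]:
    """Replay events in time order; return {client_id: (allowed, rejected)}."""
    limiter = SlidingWindowLimiter(max_lookups, window_s)
    counts: Dict[str, List[int]] = defaultdict(lambda: [0, 0])
    for ev in sorted(events, key=lambda e: e.ts):
        counts[ev.client_id][0 if limiter.allow(ev.client_id, ev.ts) else 1] += 1
    return {c: (a, r) for c, (a, r) in counts.items()}


def flag_enumerators(stats: Dict[str, Tuple[int, int]], min_rejected: int = 1) -> List[str]:
    """Clients that exhausted their budget are the ones worth a closer look."""
    return sorted(c for c, (_, rejected) in stats.items() if rejected >= min_rejected)


def build_sample_events() -> List[Lookup]:
    """Constructed traffic: one ordinary client and one bursty one."""
    events: List[Lookup] = []
    # Ordinary client: 20 lookups spread over a minute, like an address-book sync
    for i in range(20):
        events.append(Lookup("phone-A", 3.0 * i, f"+1555000{i:04d}"))
    # Bursty client: 7,000 lookups inside one second, the rate cited in the article
    for i in range(7000):
        events.append(Lookup("script-B", 10.0 + i / 7000.0, f"+1555{i:07d}"))
    return events


if __name__ == "__main__":
    stats = apply_limiter(build_sample_events(), max_lookups=100, window_s=60.0)
    for client, (allowed, rejected) in stats.items():
        print(f"{client}: allowed={allowed} rejected={rejected}")
    print("flagged:", flag_enumerators(stats))
```

With the placeholder budget, the ordinary client is never throttled (20 allowed, 0 rejected) while the bursty client gets 100 answers and 6,900 rejections, and only it is flagged. The design point is that the limit is keyed per client and enforced before the lookup is answered, so a throttled request leaks nothing about whether the number exists; a real deployment would also key on IP ranges and account age, since an enumerator can spread requests across many identities.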

Russia Gives WhatsApp an Ultimatum: Ban Looms if Rules Ignored

Russia’s communications regulator Roskomnadzor warned it could fully block WhatsApp if the platform does not comply with Russian law, Reuters reports. The move follows August restrictions on some WhatsApp (and Telegram) calls amid accusations that foreign‑owned messaging services refuse to share information with law enforcement in fraud and terrorism investigations. Roskomnadzor said WhatsApp has failed to meet legal demands and could be completely blocked if it continues to ignore requirements.

Meta and WhatsApp say Moscow’s actions would cut millions of Russians off from secure communication, while Russian authorities are promoting a state‑backed alternative called MAX criticized by opponents as a potential surveillance tool (which state media deny). The standoff highlights growing pressure on global tech firms to conform to local data and law‑enforcement demands, with potential consequences for user privacy and access.

Surveillance and Cyber Chaos: From License‑Plate Dragnet to a 15.7 Tbps DDoS

Researchers again exposed a massive privacy gap in WhatsApp’s contact‑discovery feature, showing phone‑number enumeration remains possible and could reveal profile data at scale. Meanwhile, an Associated Press probe found the U.S. Border Patrol running a predictive‑intelligence program that uses covert license‑plate readers—hidden in cones and barrels—far from the border to flag “suspicious” drivers and prompt local police stops, raising Fourth Amendment concerns. The FBI reportedly accessed messages from a private Signal group used by immigration court observers, and Microsoft said it mitigated a record‑breaking 15.72 Tbps cloud DDoS launched by the Aisuru botnet. In regulatory and remediation news, the SEC dropped its remaining claims against SolarWinds related to the 2020 supply‑chain hack.

Other tech and privacy headlines underscore the era’s tradeoffs: schools deploying vape detectors that sometimes include microphones, prompting surveillance worries; Cisco warning that AI makes old, unpatched networking gear an easy target for attackers; and a hacker conference using CO2 sensors to monitor room air quality as a creative safety measure. Taken together, the stories highlight a tense landscape where mass data collection, legacy vulnerabilities, and powerful attack tools collide with debates over oversight, civil liberties, and how organizations should balance convenience with security.

More Power in NL & FI: New VPS plan starting from VPS 9

We’re expanding our offering: new VPS server plans are here! They start from the VPS 9 plan and are initially available in the Netherlands and Finland. To celebrate the launch, we’re also offering our Black Friday deal: 25% off all hosting plans. Find out more now and secure the best conditions!