WhatsApp Battens Down the Hatches

WhatsApp has added end-to-end encryption and enabled it by default in the latest version of its Android messaging application, partner Open Whisper Systems announced Tuesday.

The new feature taps Open Whisper's open source TextSecure encryption protocol to ensure that only a conversation's participants can read the messages they exchange. WhatsApp itself won't be able to decrypt the messages, in other words, even if law enforcement should try to require it.

Encrypted messaging isn't yet available for group chat or media messages within WhatsApp's Android client, but those features are coming next, Open Whisper said, along with support for more client platforms. Key-verification options also will be forthcoming once protocol integrations are completed.

A Rare Quality

Facebook-owned WhatsApp is one of several messaging applications called out in a recent scorecard report from the Electronic Frontier Foundation.

The EFF rated the security of more than three dozen such apps on seven different dimensions, including encryption. Also taken into consideration was whether or not the apps' code was audited and open to independent review.

Only six tools scored all seven stars, including ChatSecure, CryptoCat, Signal/Redphone, Silent Phone, Silent Text and Open Whisper's TextSecure app.

WhatsApp, on the other hand, was among those whose lack of end-to-end encryption resulted in a lower ranking. Included in that category were Google, Facebook and Apple's email products, along with Yahoo's Web and mobile chat and Secret.

Lacking encryption altogether were messaging platforms QQ, Mxit and the desktop version of Yahoo Messenger, the EFF found.

One Fell Swoop

"I think it's great news," said Joseph Bonneau, a fellow at both the EFF and Princeton University's Center for Information Technology Policy.

"One of the things we were hoping with the scorecard project is that we'd be able to push others to do the same thing," he told TechNewsWorld.

This one change "basically absolved them from being one of the apps that didn't really provide much security to being one of the most secure mainstream messaging apps out there," Bonneau said.

The Open Source Advantage

WhatsApp's choice of TextSecure was a good one, noted Bonneau.

"TextSecure has really been refined over the years," he said. "It's great to see them using a public application that has earned a lot of confidence and has a lot of strong security features."

The fact that TextSecure is open source is a particularly compelling advantage, Bonneau pointed out. "In practice, it means that any weaknesses are far more likely to be found and fixed. Open source is the way to go."

Billions of Encrypted Messages

Open Whisper Systems has been working with WhatsApp for the past half year or so to implement the new feature in what it called the largest deployment of end-to-end encrypted communication in history.

Billions of encrypted messages now are being exchanged each day through the enhanced service.

Users likely won't even notice that the additional security is there, however.

"It shouldn't affect the user experience at all," Bonneau remarked.

Educating Users

Of course, whether they realize it or not, the app's more than 600 million monthly active users are benefiting from the superior security the TextSecure code provides, Jean Taggart, senior security researcher at Malwarebytes, told TechNewsWorld.

"Implementing the Open Whisper Systems protocol under the hood of a popular messaging platform is a huge improvement," he said.

Looking ahead, moves like this one will begin to make it clear to users that there are "big security differences among messaging platforms," EFF's Bonneau observed. "Hopefully users will start demanding this kind of security." 

Danger comes in small packages: Securing employees' mobile devices

Whether your company provides workers with mobile devices or allows them to bring their own, you have to be vigilant. If your employees work outside the office with their tablets or smartphones, they’re walking around town with your data in small, easy-to-lose, easy-to-steal containers. Should any of those devices go missing, there’s a lot more at stake than the cost of the hardware.

Following these basic procedures will help keep your company safe from mobile threats.

Insist on mobile antivirus apps
Almost everyone knows that they need an antivirus program for their Windows PC, but few understand the necessity of running a similar tool on their mobile device. According to Symantec's Internet Security Threat Report for 2014, 57 percent of adults didn't even know that such tools existed. But here's the really scary part: Only 44 percent were equally ignorant in 2012. In other words, the average person knows less about mobile security now than they did two years ago.

Android attracts more malware than iOS by a very large margin. According to Kaspersky Lab's Mobile Cyber Threats report, published this October, "98.05% of all existing mobile malware targets the users of Android devices." The ability to download apps from sources other than the office Play Store, and the irregular way updates get pushed to devices make Android a tempting target.

But iPhone and iPad users shouldn't be complacent. iOS has its share of vulnerabilities. What's more, malware that latches onto applications doesn't really care about the operating system; if the OS can support the app, the app can support the malware.

Think data, not device
Losing a smartphone is an inconvenience. Letting the data on it fall into the wrong hands is a disaster. According to Adam Ely, Co-Founder of Bluebox Security, "79% of companies reported a mobile data breach, with the cost of data loss ranging from less than $10K to over $500K per incident." That's a lot more than the cost of a phone.

The first line of defense: Secure the mobile device with a sufficiently complex password. You might also consider other techniques for locking a phone. Add more protection by encrypting company data (a locked phone doesn't help much if the Micro SD card inside is open), and a mobile-to-company-server backup routine.

Use a Virtual Private Network
Criminals don't need to steal a smartphone to read the data flowing from that phone to the Internet.

That's why your company needs to use a VPN to encrypt the data as it journeys between the mobile device and the network. A good VPN provides more than just encrypted data. It can track who's accessing the network, authenticate users, and allow employees to access company applications in the field.

Respect your employees' privacy
If you don't handle your company's BYOD policy properly, your employees may look at you with the same lack of trust that American citizens reserve for the NSA. As Ely explained, "it is important to maintain boundaries between work and personal use on an employee’s personal device. Users are rightfully worried that their privacy will be compromised if they use their personal device for work purposes."

Your BYOD policy must spell out clearly what rights belong to the employee and the company. Prepare a clear statement that defines the circumstances in which the company will open private files. Also, the employee must understand ahead of time that the device may be wiped remotely should it be lost.

Make it easy
If a user must go through eight security steps before they can get to work, they will find a way around those steps. After all, they're being paid to be productive, not to enter multiple passwords and prove that they really are themselves. According to Ely, "No matter how robust a mobile device program is it will not succeed without the support of the end users."

So keep ease of use in mind when designing a secure system. Require fewer passwords, and use automated encryption technologies that don't require many user interactions.

Another way to simplify: Design easy-to-use systems, and help employees when the systems aren't as easy as they should be, and offer convenient options like remote access to help them get fast support from your help desk if they need it. "Support must be a priority," warns Ely. And "focus on product design to minimize issues, prioritize quality testing and populate…support portal with how-to’s and FAQs."

Going mobile has considerable risks and considerable benefits. You need to lower the first so you can make the most of the later.

Billionaire Paul Allen donates 10,000 smartphones to the Ebola battle

Billionaire Paul Allen is sending more than 10,000 smartphones to West Africa to help in the battle against Ebola.

The Microsoft co-founder’s Paul G. Allen Family Foundation is providing the specially-programmed phones in an attempt to help government workers and aid volunteers gather data about the effectiveness of relief efforts in the disease-ravaged region.

“We need reliable data to understand what is going on in impacted areas to get ahead of the Ebola crisis,” said Allen, in a statement released on Monday.

The smartphones are the philanthropist’s latest contribution to the Ebola battle.

Last month Allen said that he would increase his contribution to fighting the deadly disease to at least $100 million. In September the philanthropist donated $9 million to the Centers for Disease Control and Prevention to support the fight against Ebola.

While a number of the phones were purchased by the Paul G. Allen Family Foundation, others were gifts from companies.

As part of Allen’s existing commitment to tackle Ebola, he also announced a grant to communications specialist NetHope on Monday. NetHope is an international consortium of NGOs devoted to improving emergency response organizations’ IT communications.   

“NetHope is working closely with the U.N. and all of the large response organizations to identify the gaps in communications capacity,” said Allen. “Today, we are committing resources to boost communication and data collection capabilities to more effectively fight Ebola in West Africa.”

Allen’s donation to NetHope will help establish a fund to boost connectivity at 45 locations, as well as the deployment of up to 10 satellite communication terminals. The grant will also fund a number of short-term private sector projects to extend mobile capacity, as well as helping mobile operators widen their existing networks.

Technology is becoming a key weapon in the fight against Ebola. Last month, for example, IBM launched an analytics system to help track the spread of the deadly disease in Sierra Leone.

The system developed by IBM’s Nairobi, Kenya-based Africa research lab and Sierra Leone’s Government lets citizens report Ebola-related issues and concerns via text message or phone calls. The goal is to provide the country’s government with insight into communities affected by Ebola and improve its strategy for containing the disease.

Selena Gomez Takes a Page Out of Taylor Swift's Instagram Songbook Lip-sync of other stars' tunes are becoming social video gold

 Last week, Taylor Swift was the No. 1 celebrity on the Adweek/Shareablee Instagram branded video charts after she posted a clip of herself driving in a car while lip-syncing to Kendrick Lamar's hip-hop tune "Backseat Freestyle." The Spotify-dissing songstress picked up 913,500 likes and comments for the 15-second social video.
And it appears that Selena Gomez might have taken notice because she grabbed the top spot in the celebrity category this week by employing the same tactic. Gomez does more than lip-sync in her Instagram video, though, as the 22-year-old pop star belts out the chorus from Carrie Underwood's "Something in the Water" tune that hit the market this month.
Like Swift, Gomez selected a song from an artist who doesn't normally perform in her category. (Gomez is pop, while Underwood is country, for instance.) And Swift and Gomez chose to shoot the video in a car. While it could be a coincidence, Gomez lists Swift as an influence on her Wikipedia page, so they could easily follow one another on the social platform.
At any rate, Instagram users definitely "like" seeing pop singers cover other stars' tunes. Gomez garnered 758,000 likes and comments for her effort to beat out all others in her niche from Nov. 10 through Nov. 16.
The Adweek/Shareablee chart below features eight categories (auto, beauty, consumer electronics, retail, fashion, celebrity, sports leagues and TV shows) every week and showcases the best branded effort. Two wildcard niches are always sprinkled in, and we've chosen sporting goods/apparel and fashion luxury for this week's edition.
Another standout performance goes to Mercedes-Benz, which continues to show that taking Instagram viewers to unusual places is a winning formula.
Check out Gomez and Mercedes-Benz's work via the multimedia infographic below where you can watch the top Instagram videos and see the brands' organic reach.

Apple bitchslaps iPhone rival Xiaomi: World No 1? That's BIG TALK

Apple has declared war on its Chinese smartphone rival Xiaomi after execs from the two firms locked horns during a public event.

Bruce Sewell, Apple's general counsel and senior vice president of legal and government affairs, appeared alongside Xiaomi founder Lei Jun at the World Internet Conference.

The Apple exec might have been forgiven for feeling a little nervous, as the tech get-together took place on Xiaomi's home soil.

But he immediately went for the jugular after being asked about Xiaomi's chances of becoming top dog in the global smartphone market.

Sewell said that reaching the number one spot is "easy to say, it is more difficult to do".

He also reminded Apple's Chinese rival that there are "many competitive" phones in the People's Republic.

But the Xiaomi boss wasn't having any of Apple's cheek. "In this magic land, we produced not only a company like Alibaba, but a small miracle like Xiaomi," he hit back.

Unfortunately for Apple, Xiaomi is now nipping at its heels.

Despite selling more mobes in the last quarter than ever before, Apple is just the second most successful smartphone manufacturer in the world, according to IDC, with Xiaomi a close third.

Sadly for both squabbling mobe-makers, Samsung is still the king of the castle when it comes to smartphone shipments. But for how long? ®