Latest news with #AdrianusWarmenhoven
Forbes
31-07-2025
- Forbes
TSA Warning—Stop Using These Smartphone Chargers
Republished on July 31 with new guidance for Android and iPhone owners on the specific vulnerabilities for their devices following TSA's warning. It's holiday season. And as millions of travelers prepare to jet off from airports across the U.S. and beyond, the Transportation Security Administration's recent phone charger warning for airline passengers has suddenly been given some added urgency. The security agency has told airport travelers to 'bring your TSA-compliant power brick or battery pack and plug in there,' rather than use public charging points. 'When you're at an airport, do not plug your phone directly into a USB port.' This relates to so-called juice jacking, which along with the overhyped threat from public WiFi is guaranteed to irk cybersecurity professionals. But just as TSA's airport WiFi warning has been reinforced by the security industry, so it is now with charging. 'Public USB ports should never be treated as safe,' warns NordVPN's Adrianus Warmenhoven (via ZDNet), following its new report into the threat from choicejacking. This enhancement on juice jacking can bypass the protections in your smartphone to trick it into accepting a data cable connection when it shouldn't. Warmenhoven describes choicejacking as 'a dangerous evolution in public charging threats. With a single deceptive prompt, attackers can trick people into enabling data transfer, potentially exposing personal files and other sensitive data.' Per Hackread, 'the rise of choicejacking reinforces what cybersecurity experts have said for years: public USB ports should not be trusted. Even at airports, hotels, or cafés, a compromised charger could be waiting to hijack your device.' That's debatable. Most public charging warnings are met with a fair amount of cyber derision. It's a blunt force attack. You're only likely to be specifically targeted by a malicious charging point or cable if you're in a high risk vocation or location. But what choicejacking has done is shown how a phone can be tricked into thinking a physical connection is one thing — a keyboard for example, while in reality it's something else. And data can be stolen as a result. If you consider your risk profile to be high, this should be a consideration. Use your own charger and cable. And bear in mind that when your phone is unlocked while charging, it's more vulnerable to this attack — if juice jacking attacks really exist, of course. Meanwhile, Android Authority has issued guidance for Android and iPhone users, setting out the different risks for each platform. Again, subject to that reality check. Attacks on Android phones 'exploit permissions for peripherals,' the website explains, using Android's Open Accessory Protocol for accessories such as 'mice or keyboards. Attackers can then begin hijacking system input through ADB (or Android Debug Bridge), which can simulate user input and change the USB mode to allow data transfer. The attack then proceeds with a series of commands aimed at gaining complete control of the device and gaining key access for further control.' iOS is different. 'A rigged USB cable or charger can be used to trigger a connection event for a Bluetooth device. Although it may appear as a regular Bluetooth-based audio accessory to your iPhone, it could act as the machinery to secretly allow data transfer and gain access to specific files and photos. However, it cannot access the entire iOS system as it can on Android.'
Forbes
30-07-2025
- Forbes
TSA Warning—All Smartphone Users Must Stop Using These Chargers
Be warned before you head for the airport. It's holiday season. And as millions of travelers prepare to jet off from airports across the U.S. and beyond, the Transportation Security Administration's recent phone charger warning for airline passengers has suddenly been given some added urgency. The security agency has told airport travelers to 'bring your TSA-compliant power brick or battery pack and plug in there,' rather than use public charging points. 'When you're at an airport, do not plug your phone directly into a USB port.' This relates to so-called juice jacking, which along with the overhyped threat from public WiFi is guaranteed to irk cybersecurity professionals. But just as TSA's airport WiFi warning has been reinforced by the security industry, so it is now with charging. 'Public USB ports should never be treated as safe,' warns NordVPN's Adrianus Warmenhoven (via ZDNet), following its new report into the threat from choicejacking. This enhancement on juice jacking can bypass the protections in your smartphone to trick it into accepting a data cable connection when it shouldn't. Warmenhoven describes choicejacking as 'a dangerous evolution in public charging threats. With a single deceptive prompt, attackers can trick people into enabling data transfer, potentially exposing personal files and other sensitive data.' Per Hackread, 'the rise of choicejacking reinforces what cybersecurity experts have said for years: public USB ports should not be trusted. Even at airports, hotels, or cafés, a compromised charger could be waiting to hijack your device.' That's debatable. Most public charging warnings are met with a fair amount of cyber derision. It's a blunt force attack. You're only likely to be specifically targeted by a malicious charging point or cable if you're in a high risk vocation or location. But what choicejacking has done is shown how a phone can be tricked into thinking a physical connection is one thing — a keyboard for example, while in reality it's something else. And data can be stolen as a result. If you consider your risk profile to be high, this should be a consideration. Use your own charger and cable. And bear in mind that when your phone is unlocked while charging, it's more vulnerable to this attack — if juice jacking attacks really exist, of course.
Daily Mail
01-05-2025
- Daily Mail
WhatsApp plans to add even MORE AI tools - despite users threatening to delete their accounts after Meta added 'annoying' AI button
WhatsApp's new AI button has not gone down well with users, with many people describing it as 'annoying' and 'rubbish'. But not to be deterred, the popular Meta-owned chat platform is planning on introducing yet more artificial intelligence tools. WhatsApp will provide AI-powered writing suggestions and message summaries under a new suite of tools called 'Private Processing'. Expected to be made available in the coming weeks, it will transform WhatsApp further from a simple chat app to a ChatGPT-style hub for AI facts and advice. Meta promises not to secretly read your WhatsApp chats with the AI. However, it appears that some people are not convinced. On X (Twitter), one person said: 'They can clearly read your messages, it's a logic fail to say otherwise. Meta AI can read messages (NEEDS TO) in order to work in group chats.' The company has already caused controversy over using data from its users to train Meta AI - some without their knowledge. Meta promises not to secretly read your WhatsApp chats with the AI - but some people are not convinced Adrianus Warmenhoven, a cyber security expert at NordVPN, thinks adding more AI tools to WhatsApp could affect user privacy. That's because data from a user's message to the AI needs to be processed on external servers rather than 'locally' on their smartphone. Meta insists this doesn't allow third-parties to read your conversations with the bot, but Warmenhoven called it 'still a compromise'. 'Any time data leaves your device – no matter how securely – it introduces new risks,' he told the Telegraph. 'WhatsApp has clearly worked to reduce those risks, but it's a balancing act between user demand for smart features and the foundational promise of end-to-end encryption.' WhatsApp introduced its Meta AI button in March, which appears as a purple-blue ring icon on the right-hand side of the chats page, just above the green button to start new chats. When users tap the Meta AI button, they can start personal chats with the chatbot or ask questions about anything from news to weather and sports. ' Meta AI through WhatsApp is an optional service from Meta that can answer your questions, teach you something, or help come up with new ideas,' Meta said. On WhatsApp, users can start a chat with Meta AI by tapping the purple-blue icon - but many have been doing so accidentally, saying the button gets in the way Meta's new AI button is generally going down badly with users, with people describing it as 'annoying' and 'rubbish' People are accidentally pressing the button when they're tapping at chats What is Meta AI? Meta AI is the company's chatbot and answer to OpenAI's ChatGPT and Google's Gemini. Across Meta apps such as WhatsApp, Facebook, Instagram and Messenger, people can tap a blue-purple ring icon to start a conversation with the bot. The free, optional service can answer your questions, teach you something, or help come up with new ideas, according to Meta. But users have claimed that the 'annoying' button gets in the way – often accidentally being pressed when they're instead trying to tap on a chat. One user vented on X: 'Okay, how do I get rid of Meta AI in WhatsApp? The button is constantly hovering in the way and I will never ever use it.' Another posted: 'God I f***ing hate AI, now my WhatsApp has this f***ing AI button I cant remove, I hate it, I hate it, I HATE IT.' While another joked: 'Can you remove that AI button from WhatsApp please before I throw my phone into the [Manchester] Ship Canal.' Alternatively, WhatsApp users can type '@MetaAI' to introduce the chatbot into their existing chat conversation with someone – to settle a debate for example. Meta AI is also available on Facebook, Messenger and Instagram where it can similarly be accessed by tapping the blue-purple ring icon. WhatsApp users can't get rid of the Meta AI button – but the company has told users that it's optional and they don't have to use it. 'We think giving people these options is a good thing and we're always listening to feedback from our users,' it said. Meta – the company owned by Facebook founder Ma rk Zuckerberg – has also revealed it's releasing a standalone app for Meta AI. Meta has already caused controversy for admitting to training the chatbot with user data – in many countries without people knowing. In emails and notifications sent to UK users, Meta said it's using posts, comments, photos and even captions to help develop the human-like 'generative AI', akin to ChatGPT. Meta is taking user data from other users worldwide as well but due to local privacy laws isn't having to tell people about it. WHAT DOES META AI DO AND IS IT SAFE? Meta says the tool can be used for 'just about anything', from how-to tips, game ideas, lunch recipes and finding out the latest football scores. For example, you could say 'give me some vegetarian dinner party recipe ideas' and it will respond in a similar style to ChatGPT and Google's Gemini. If you tell Meta AI what exactly is in your fridge, it will suggest meal ideas – helping you avoid going out to the shops to buy more ingredients. If you're cramming for an exam, you could ask it, 'summarize the history of the universe' or 'quiz me on the structure of a cell'. Or if you're conducting an online test from home, you could potentially get it to quickly give you the answer you can't quite remember off the top of your head. Meta admits that your history with the chatbot will be saved – although it says you can delete an old conversation with Meta AI at any time. Social media consultant Rhea Freeman said she will use the tool because she doesn't think it will give Meta any additional insights into our private lives, compared to what the firm already knows. 'Meta knows a lot about users of its platforms anyway, and it's naïve of us to think otherwise,' Freeman told MailOnline. 'The fact we're served personalised ads show how much the platform knows. 'I use Facebook and Instagram so I feel like they won't be learning a lot more about me through my use of it.' Freeman acknowledged that AI chatbots often get things wrong, but said people 'need to remember that AI is learning all the time'. In the US, which has already had it for several months, the New York Times described it as 'fun to use' but added that it 'can't be trusted'. 'It makes lots of mistakes when you treat it as a search engine,' the review said.
Yahoo
30-04-2025
- Yahoo
WhatsApp to be flooded with more AI features despite user backlash
WhatsApp is planning to add a new artificial intelligence (AI) features to its service despite a user backlash against the technology. The private messaging app said it would explore adding AI-powered writing suggestions and summaries to the service. The decision is likely to frustrate many of its users amid criticism of the app's decision to include parent company Meta's AI chatbot within its service. WhatsApp now features a button to pull up the Meta AI chatbot, which can answer questions in English in a similar manner to ChatGPT. It also offers AI-powered search suggestions. The Meta AI button, which takes the form of a glowing blue ring within the app, has left users annoyed and asking for ways to turn it off. Users on Reddit have said they 'hate' the tool and branded it 'bug-ridden rubbish'. A WhatsApp spokesman said last week that its AI features were 'entirely optional, and people can choose to use them or not'. The spokesman added: 'We think giving people these options is a good thing, and we're always listening to feedback from our users to make WhatsApp better.' Cyber security experts also questioned whether WhatsApp's decision to add more AI tools represented a 'compromise' on privacy. In order to handle AI requests, some data from a user's message would need to be processed on external servers, rather than the user's smartphone. Meta said its system would be built in such a way that no third party would be able to see the contents of a message from a user. Meta said: 'No one except you and the people you're talking to can access or share your personal messages, not even Meta or WhatsApp.' But Adrianus Warmenhoven, a cyber security adviser at NordVPN, said: 'It's still a compromise. Any time data leaves your device – no matter how securely – it introduces new risks. 'WhatsApp has clearly worked to reduce those risks, but it's a balancing act between user demand for smart features and the foundational promise of end-to-end encryption.' WhatsApp said it planned to build the tools in a manner that 'allows our users around the world to use AI in a privacy-preserving way'. WhatsApp's encryption technology, which means nobody but the sender and recipient of a message can read it, makes it technically challenging to add AI prompts. The company said it had developed a technology called Private Processing, which would soon allow users to make a 'confidential and secure' request to an AI tool that can then re-write their messages or send a summary of recent posts in a group chat. The new feature was announced at LlamaCon 2025 at the company's Menlo Park headquarters. Meta, which also owns Facebook and Instagram, also revealed a standalone app for its Meta AI chatbot. Mark Zuckerberg, Meta's chief executive, said the company now had almost one billion people using its AI products. Separately, Satya Nadella, Microsoft's chief executive, told the event that nearly a third of the technology giant's code was being written by AI. Broaden your horizons with award-winning British journalism. Try The Telegraph free for 1 month with unlimited access to our award-winning website, exclusive app, money-saving offers and more.
Yahoo
26-03-2025
- Business
- Yahoo
Delete personal 23andMe data, privacy experts urge users
Customers of DNA firm 23andMe should move quickly to ensure their personal data is deleted following the firm's filing for bankruptcy in the US, cybersecurity experts have said. Earlier this week, the genetics firm announced it had begun voluntary Chapter 11 proceedings in the US – meaning it intends to reorganise its debts and assets to have a fresh start, while remaining in business, and searching for a buyer. Cybersecurity experts have now warned it means the genetic and biological data of 23andMe users could end up in the hands of a third party they did not previously authorise to access such information. Adrianus Warmenhoven, a cybersecurity expert at NordVPN, said the saga was a 'stark wake-up call for data privacy'. 'Genetic data isn't just a bit of personal information – it is a blueprint of your entire biological profile. When a company goes under, this personal data is an asset to be sold with potentially far-reaching consequences,' he said. 'Consumers have no concept of how much information they are giving up when they sign up to these innovative biotech companies. 'A simple DNA test doesn't just potentially disclose ancestry – it could reveal genetic predispositions to disease, family relationships, and biometric signatures that could be used by insurers, employers, or even governments. 'With over 15 million consumers worldwide, 23andMe's genetic database is a treasure trove of personal information – a digital goldmine that might turn into a bankruptcy sale asset. 'While medical records held by US companies are shielded under the Health Insurance Portability and Accountability Act, genetic information occupies a legal limbo. 'Almost 80% of customers have consented to be involved in medical research, meaning their DNA information could be passed on to new owners with little supervision. 23andMe users can request to have their DNA sample destroyed, and have options to opt-out of a number of other research and product-related aspects of the service, as well as completely delete their account. However, 23andMe's privacy statement says that even if users choose to delete their account, the company retains some personal information in order to comply with its 'legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes'. According to the statement, the company and its contracted genotyping laboratory will retain genetic information, date of birth and sex as part of this. Warmenhoven said the 'first reaction' of users should be a 'total digital amputation', and suggested concerned users should directly contact the firm to push for their data to be deleted. "Ask for the destruction of your genetic sample, revoke all research permissions immediately and only then should you shut your account,' he said." Collin Walke, a US-based cybersecurity and data privacy expert – and a partner at law firm Hall Estill, said the saga highlighted the perils of handing over personal data – especially health and genetic data. 'The 23andMe bankruptcy proves the problem: Once you give away the most personal aspects of yourself such as your genetic profile to third parties, you are literally losing control over information that can be exploited and used to you and your family's detriment,' he said. 'Would you want your child's diagnosis in the hands of bad actors? What about your personal medical information? You may have agreed to allow 23andMe to run your profile, but what about the company that buys 23andMe out of bankruptcy? Do you trust them?'
