Researchers extracted photos and statuses from 3.5 billion WhatsApp users. Meta didn't react until it was told.

Between December 2024 and April 2025, a team from the University of Vienna identified 3.5 billion active phone numbers on WhatsApp (practically its entire user base) from a single server and without encountering much technical resistance. They processed more than a hundred million numbers per hour and extracted not only the existence of accounts, but also public keys, profile photos, status texts, and device metadata. They did it without having to hide: same university IP, same server, five accounts. For four months, no one at Meta noticed.

Why it is important. This is not the first time that this vulnerability has been demonstrated, as it already occurred in 2012 and 2021, but it is the first at this scale and speed. The finding exposes a structural contradiction in WhatsApp:

Its architecture must show whether a number is registered to enable contact discovery...
...but that functional need collides with the privacy of its users.

Knowing who uses WhatsApp in countries where it is prohibited, such as China, Burma or North Korea, can have serious consequences. There they detected 2.3 million, 1.6 million and five accounts respectively (not five million, just five). The investigation, published a few weeks ago in NDSS 2026, shows that this crack not only persists, but has widened.

The context. The researchers developed 'libphonegen', a tool that reduces the search space from billions of theoretical combinations of possible mobile phone numbers to "just" 63 billion real candidates for 245 countries. Using unofficial WhatsApp clients that directly access the XMPP API, they queried these numbers at a rate of 7,000 per second. Their IP was not blocked, nor were their accounts sanctioned. Meta did not respond until the researchers explicitly reported the finding in March of this year, and countermeasures did not arrive until October, just a couple of months ago.

The figures. The resulting dataset is five times larger than that of the 2021 Facebook scraping scandal: India leads the dataset with 749 million users (21% of the total), followed by Indonesia and Brazil. In Spain, 46.5 million accounts. 81% use Android. More than half have a public profile photo. 29% have the status text visible.

Between the lines. The researchers were able to infer the operating system by analyzing initialization patterns of the cryptographic keys. Android starts certain identifiers at zero. iOS starts them at random values. This detail matters because iPhone users are higher-value targets for attackers. They also detected that public keys are reused. They found 2.3 million different keys used on 2.9 million different devices. In Burma and Nigeria, tens of thousands of numbers shared the same key, pointing either to a faulty implementation or to outright fraud. They even found twenty American numbers that use a private key composed only of zeros.

In detail. The method is not limited to confirming the existence of the accounts. For each one they extracted public keys, timestamps and the list of linked devices. This makes it possible to build detailed profiles without accessing the content of the messages. The age of the device can be estimated by counting key rotations. The "popularity" of a user is inferred from how often their single-use prekeys are depleted, since these are consumed every time a new conversation is started. The researchers downloaded 77 million profile photos from the +1 range (prefix for the United States and Canada) in a matter of hours. 66% of them contained recognizable faces. They also found disturbing status texts, such as those from traffickers listing prices, business accounts advertising drugs or publicly visible corporate emails from governments and armies.

And now what. Meta has deployed probabilistic cardinality counters to limit how many unique accounts a user can query without blocking legitimate contact discovery. It has also restricted bulk access to status photos and texts. The researchers confirmed in subsequent tests that the measures work. But no countermeasure protects those who were already listed during the months in which the system was wide open.

The big question. For four months, from a university server and without even hiding their identity, they looted practically the entire user base of the most used application on the planet without anyone at Meta realizing until they were explicitly told. If these researchers were able to do it under these conditions, who else did it before without telling anyone?

Featured image | Dimitri Karastelev
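The countermeasure described above, a probabilistic counter that caps how many distinct numbers one account may look up, can be sketched as follows. This is an added example, not Meta's implementation and not code from the article or the researchers; the use of HyperLogLog, the name `UniqueLookupLimiter`, the limit of 1,000 and the sample numbers are all assumptions.

```python
import hashlib
import math


class UniqueLookupLimiter:
    """Blocks an account once it has looked up ~`limit` distinct numbers.

    Distinct numbers are counted with a HyperLogLog sketch (an assumed
    choice of probabilistic counter): fixed 1 KiB of state per account.
    """

    def __init__(self, limit, p=10):
        self.limit = limit
        self.p = p                      # 2**p registers
        self.m = 1 << p
        self.registers = bytearray(self.m)
        self.blocked = False

    def _slot(self, number):
        h = int.from_bytes(hashlib.sha256(number.encode()).digest()[:8], "big")
        bits = 64 - self.p
        idx = h >> bits                 # top p bits pick the register
        rest = h & ((1 << bits) - 1)
        return idx, bits - rest.bit_length() + 1   # leading zeros + 1

    def estimate(self):
        m = self.m
        alpha = 0.7213 / (1 + 1.079 / m)
        raw = alpha * m * m / sum(2.0 ** -r for r in self.registers)
        zeros = self.registers.count(0)
        if raw <= 2.5 * m and zeros:    # small-range correction
            return m * math.log(m / zeros)
        return raw

    def allow(self, number):
        if self.blocked:
            return False
        idx, rank = self._slot(number)
        if rank > self.registers[idx]:  # repeats never change the sketch
            self.registers[idx] = rank
            self.blocked = self.estimate() >= self.limit
        return True


def lookups_allowed(limiter, numbers):
    """Number of lookups in `numbers` that the limiter lets through."""
    return sum(limiter.allow(n) for n in numbers)


# Constructed sample data: a 300-contact address book and a sequential sweep.
ADDRESS_BOOK = [f"+43660{i:07d}" for i in range(300)]
SWEEP = [f"+1555{i:07d}" for i in range(5000)]
```

A client that re-syncs the same address book any number of times stays near an estimate of 300 and is never blocked, while a sequential sweep is cut off after roughly the first thousand distinct numbers.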

A programmer did not like how his coffee maker made coffee. So he spent 100 hours hacking it

Few things are more infuriating than fighting with an extremely simple device that does not respond exactly as you want. One example is household appliances, which should be at our service but sometimes ignore us: they are unnecessarily complex, or they have many functions but not one as simple as "don't turn off automatically." That is what a software developer found when he bought a coffee maker, and he made the most logical decision. Return it? No: hack it. And mind you, 'hacking' coffee makers is not that unusual.

Functions vs. user. Gabriel Ciubotaru is a software developer, but also an expert in cybersecurity and reverse engineering, among other skills. In a recent talk at DefCamp 2024 (a relevant cybersecurity and hacking conference at the European level), Gabriel told how he had bought a coffee maker that he liked a lot, but that had a very annoying function: after 30 minutes of being on, it switched off automatically. It is an energy-saving function, and that is fine, but the problem is the enormous contradiction that arises when, every time it turns on, it runs a rinse cycle that expels a moderate amount of water. Besides the water, it was a waste of time, and Gabriel searched through the options until he found a longer time limit: three hours. As he made a coffee every four hours, that did not suit his routine, and he decided to open the machine.

Hack the coffee maker. The task seemed simple: extract the motherboard, locate the microcontroller, identify the routine programmed to turn the machine off automatically and run that rinse cycle, change the firmware to the desired time value and reassemble the machine. In reality, he found that component relatively easily; the hard part was finding, in the whole tangle of code, the lines he had to modify so that the coffee maker switched off when he wanted. He managed it by looking at the code that controls the warning icons the coffee maker's screen shows so that the user can identify its status by following the manual. He then modified those values, uploaded the modified code to the microcontroller and... done: the coffee maker now works as he wants. I have explained it in a very simple way, but Gabriel gives all the details in his talk. He also comments that he has saved 30 seconds a day by investing 100 hours of work in hacking the coffee maker, but that it has been totally worth it because now the device works as the user wants.

More homemade projects. It is clear that not everyone has the resources, desire, time or interest to achieve what Gabriel has achieved. Those 30 seconds would not bother many of us, but it is also true that some users are interested in hacking their coffee makers in one way or another. One of the most popular coffee makers is the De'Longhi Dedica. It is the one I have, and it has a series of default values that govern the coffee extraction time. For a pressurized portafilter like the one that comes with the machine, they are adequate, but when you buy a bottomless portafilter these values fall short, and there is a way to program a slower extraction by combining its three buttons. It is something indicated in the manual, but what is not indicated is how to achieve a better milk foam. The included frother is functional, but not perfect. A trick to gain more control over the process is to remove the metal part of the frother and keep the rubber part, which has a much thinner nozzle. That gives better control over the process, but there is a problem: because of the pressure, the nozzle pops off. The solution? Fasten that nozzle to the coffee maker with a cable tie, and problem solved.

Removing functions from the machine. That is a very simple modification, but there is another that is perhaps more interesting because it directly affects how the coffee tastes. In filter coffee makers, the base usually has a heating element that keeps the coffee hot for longer. This means that the coffee is 'cooked' during extraction, but then keeps being heated by a high-temperature base that alters its flavor. It is not ideal, but even expensive machines (whose manufacturers, supposedly, should know that it affects the flavor) implement it. Therefore, a common modification in this type of coffee maker is to open it and remove the cables that power that heating element. It does not affect the operation of the coffee maker when preparing coffee at all, but it eliminates the base that keeps cooking the coffee once extracted. It is a modification that is "scarier" than fitting a cable tie, but it is worth it because, as I say, it has a direct influence on the coffee. And there are many other modifications like it, such as fitting a better-quality milk frother to the aforementioned Dedica, changing the water pump pressure, changing the water diffuser in a Moccamaster...

More serious implications. OK, these cases are curious and make it possible to improve how the coffee maker works, but actually hacking a coffee maker is a serious matter. Martin Hron, a security researcher at Avast, demonstrated this by hacking a smart coffee maker. Focusing on the first-generation Smarter, Hron gained access to the system and found that it worked as an unprotected Wi-Fi access point, with unencrypted connections, and that it allowed firmware updates without authentication. What did he demonstrate? Two things. On the one hand, that he could run the grinder uncontrollably, waste boiling water or make it beep. He could also display a ransom message with a URL at which to make the payment so that the coffee maker ceases to behave ...

The modern oil industry did not invent anything. China already extracted natural gas 2,000 years ago and transported it through bamboo pipes

Many people probably consider the modern oil and gas industry, with its platforms, deep wells, pumping systems and distribution networks, to be a creation of the nineteenth century onwards, associated with Western industrialization. And although they are not entirely wrong, the truth is that there was already a nation that had developed techniques for drilling, extracting and transporting energy resources with a simply amazing level of sophistication. That nation was China, and it did so a thousand years before Edwin Drake drilled the first commercial oil well in 1859.

Before crude. As we said, although the collective imagination places the beginning of hydrocarbon exploitation in the industrial revolution of the nineteenth century, history shows that ancient civilizations had already developed surprisingly advanced energy extraction techniques. In fact, in the Chinese province of Sichuan, more than a millennium before the first commercial wells in the United States or Russia, entire communities were already drilling into the earth to obtain brine and, later, natural gas. The search for salt, vital for food preservation and human nutrition, led Chinese engineers to devise sophisticated percussion drilling systems, operated with bamboo towers, pulleys, jumping platforms and specialized metal tools that resemble, in many ways, those used in the modern oil industry.

Defying their time. The wells, begun during the Warring States period (480–221 BC), reached depths of up to 250 meters as early as the Tang dynasty, and exceeded one kilometer in the nineteenth century, long before the West even dreamed of such achievements. Different drill bits (fish tail, silver ingot or horseshoe), adapted to the type of rock, were used for each phase of the process. Solutions were also developed for problems such as broken bits or collapsed wells, using ingenious technologies such as elongated bamboo tubes with flap valves, hydraulic cements based on tung oil, and plugging with expanded straw. Then, around 1050, the introduction of flexible bamboo cables made it possible to reach greater depths and simplified operations a little more. By 1835, the Shenghai well officially reached a depth of 1,000 meters, a world milestone.

From byproduct to energy treasure. Everything changed at a certain point. While drilling in search of brine, workers began to run into pockets of natural gas, initially seen as dangerous or useless. But over time, that gas (mainly methane, often mixed with hydrogen sulphide) was recognized as an energy resource and used for lighting, heating and, above all, to fuel the boilers that evaporated the brine. This transition became crucial when deforestation made it impossible to keep using firewood. Necessity drove the invention of the so-called Kang Pen drum, which made it possible to extract and separate gas and brine simultaneously, and of an early carburetor that mixed gas with air to achieve more efficient combustion. In turn, the early drillers also applied the rudiments of geology, placing gas wells in high areas and brine wells in valleys, according to the formation of the underground pockets.

An unparalleled industrial network. Over the centuries, the region filled with bamboo towers, merchant ships and an infrastructure that included hundreds of kilometers of pipes built entirely of bamboo. Far from being rudimentary, those pipes were precisely sealed with tung oil cement and braided rope, which made them surprisingly leak-tight and durable. To give an idea, more than 95 km of these pipelines were still operational in the 1950s. It was a complex system that transformed Zigong and other cities into industrial, commercial and cultural centers. The operation was so extensive that it required uninterrupted shifts and written legal contracts (some of the first in the history of China) to distribute tasks and resources.

History and legacy. The scale and sophistication of the Sichuan gas field eclipsed other premodern operations in Europe or Central Asia, such as those of Naples or Baku. Beyond the volume produced, what was most notable was the continuity and efficiency of the system itself. Even today, the region produces some 30,000 million cubic meters of gas annually, in many cases from wells drilled centuries ago. However, the work is still dangerous: in 2003, a gas explosion near Chongqing killed 233 people and left 9,000 poisoned, but the experience accumulated over almost 2,000 years averted a greater catastrophe. That technical and human legacy is, in fact, honored in the Shanxi Salt Museum, where original tools and detailed models are preserved that document an industrial feat millennia ahead of its time. Seen this way, the history of Sichuan not only rewrites, in a certain way, the origins of oil and gas: it redefines what we consider possible in ancient civilizations.

Image | Thomas dependb, CSEG
