Facebook-owned WhatsApp recently addressed two security vulnerabilities in its messaging app for Android that could have been exploited to remotely execute malicious code on the device and even exfiltrate sensitive information.

The flaws, which affect devices running Android versions up to and including Android 9, enable what is known as a “man-in-the-disk” attack: an adversary compromises an app by manipulating certain data being exchanged between it and external storage.

Census Labs researchers said today, “WhatsApp’s two weaknesses make it possible for attackers to remotely gather TLS cryptographic material for TLS 1.3 and TLS 1.2 sessions.”

“With the TLS secrets at hand, we will demonstrate how a man-in-the-middle (MitM) attack can compromise WhatsApp communications, leading to remote code execution on the victim device and to the extraction of the Noise protocol keys used for end-to-end encryption in user communications.”

In particular, the flaw (CVE-2021-24027) leverages Chrome’s support for content providers in Android (via the “content://” URL scheme) together with a same-origin policy bypass in the browser (CVE-2020-6516). This allows an attacker to send a specially crafted HTML file to a victim over WhatsApp which, when opened in the browser, executes the code contained in the HTML file.

Worse, the malicious code can be used to access any resource stored in the unprotected external storage area, including WhatsApp’s own, which was found to save TLS session key details in a sub-directory, among other things. As a result, sensitive information was exposed to any app provisioned to read from or write to external storage.

“All the attacker has to do is lure the victim into opening an HTML document attachment,” said Census Labs researcher Chariton Karamitas. “WhatsApp will render this attachment in Chrome over a content provider, and the attacker’s JavaScript code will be able to steal the stored TLS session keys.”

Armed with the keys, a bad actor can then stage a man-in-the-middle attack to achieve remote code execution or even exfiltrate the Noise protocol key pairs, which are used to operate an encrypted channel between the client and the server for transport-layer security (not the messages themselves, which are encrypted using the Signal protocol). The app gathers these key pairs for diagnostic purposes, which the attacker can provoke by deliberately triggering a memory error remotely on the victim’s device.

When this error occurs, WhatsApp’s debugging mechanism kicks in and uploads the encoded key pairs, along with application logs, system information and other memory contents, to a dedicated crash-log server (“crashlogs.whatsapp.net”). It is worth noting, however, that this only happens on devices running a new version of the app, where “less than 10 days have elapsed since the release date of the current version.”

Although the debugging process is designed to be invoked when the app catches a fatal error, the idea behind the MitM exploit is to programmatically cause an exception that forces the data collection and sets off the upload, only to intercept the connection and “disclose all the sensitive information that was intended to be sent to WhatsApp’s internal infrastructure.”

To defend against such attacks, Google introduced a feature called “Scoped Storage” in Android 10, which gives each app an isolated storage area on the device so that no other app installed on the same device can directly access the data it saves.
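The isolation that scoped storage enforces is the difference between the two write paths below: a file under shared external storage (the man-in-the-disk exposure) versus a file in the app’s private sandbox. This is an added Android Java illustration, not WhatsApp’s code; the class and method names are hypothetical and the diagnostic bytes are constructed.

```java
import android.content.Context;
import android.os.Environment;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

/** Hypothetical store for diagnostic state; only the second method keeps it isolated. */
public final class DiagnosticStore {

    // EXPOSED pattern: a file under shared external storage (e.g. /sdcard/diag/...).
    // On Android 9 and earlier any app holding READ_EXTERNAL_STORAGE, or browser code
    // that reaches the path through a content:// provider, can read what is written here.
    public static File writeToSharedStorage(String name, byte[] data) throws IOException {
        File dir = new File(Environment.getExternalStorageDirectory(), "diag");
        if (!dir.isDirectory() && !dir.mkdirs()) {
            throw new IOException("cannot create " + dir);
        }
        File out = new File(dir, name);
        try (FileOutputStream fos = new FileOutputStream(out)) {
            fos.write(data);
        }
        return out;
    }

    // ISOLATED pattern: app-private internal storage (/data/data/<pkg>/files/...).
    // The file is owned by the app's own Linux UID and created with MODE_PRIVATE, so no
    // other app can open it, regardless of Android version or storage permissions.
    public static File writeToPrivateStorage(Context ctx, String name, byte[] data)
            throws IOException {
        try (FileOutputStream fos = ctx.openFileOutput(name, Context.MODE_PRIVATE)) {
            fos.write(data);
        }
        return new File(ctx.getFilesDir(), name);
    }

    // Constructed sample of the kind of material that must never land in shared storage.
    public static byte[] sampleDiagnostics() {
        return "session-secret=CONSTRUCTED-PLACEHOLDER\n".getBytes(StandardCharsets.UTF_8);
    }
}
```

Scoped storage on Android 10 closes off the first path for other apps, but any app that must run on older releases should never put key material in shared external storage in the first place.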

The cyber security firm said it had no knowledge of whether the flaws had been exploited in the wild, although in the past, WhatsApp flaws have been abused to inject spyware onto targeted devices and to spy on journalists and human rights activists.

WhatsApp users are recommended to update to the patched version of the app to mitigate the risk associated with the flaws. When reached for a response, the company reiterated that the “keys” used to protect people’s messages are not uploaded to its servers and that crash log information does not allow it to access message content.

“We regularly work closely with security researchers,” The Hacker News quoted a spokesperson as saying. “We appreciate the information these researchers shared with us, which has already helped us improve WhatsApp in the event an Android user visited a malicious website on Chrome. To be clear: end-to-end encryption continues to work as intended and people’s messages remain safe and secure.”

“WhatsApp has many more subsystems that might be of great interest to an attacker,” Karamitas said. “Communication with the upstream servers and the E2E encryption implementation are two notable ones. Additionally, despite the fact that this work focused on WhatsApp, other popular Android messaging applications (such as Viber, Facebook Messenger), or even mobile games, may be unwillingly exposing similar attack surfaces to remote adversaries.”