WhatsApp Security Flaw Enables Hackers To Read Stored Files On Any Device
KEY POINTS
- A security researcher found serious flaws in the WhatsApp client
- The flaws allow hackers to access files stored in any device
- The flaws might also allow hackers to gain remote control of the device
Back in 2017, researchers discovered a flaw that allowed attackers to change messages in the WhatsApp client. The flaw, the details of which were revealed in a report published in 2018, basically allowed attackers to “alter the text of someone else's reply, essentially putting words in their mouth.”
A year later, Perimeter X security researcher Gal Weizman looked into that flaw and discovered several problems related to it, some of them more serious than the other, Apple Insider reported. The researcher gave a detailed report about his findings in a lengthy article; here's a quick look at what he found.
The flaw allows hackers to alter the links in rich preview banners
See those banners that often include the logo of a particular website (Facebook, for example), coupled with a short description followed by a link to the website itself? Weizman found that by exploiting the previous flaw, attackers can change the link so that it would look legitimate, but actually lead to a different website.
The researcher gave several examples, but one in particular showed that while the banner looked like clicking on it would lead to Facebook.com, it will actually lead to “https://example.com.”
The flaw allows hackers to use persistent-XSS
Ever encountered an alert while browsing the web, such as those that saying a page is not loading, or that some information need to be entered before proceeding to the next page? Those alert boxes are call persistent-XSS. Weizman found that hackers can create them and use them to do more serious things, the following danger below in particular:
The flaw allows hackers to read files in any device with WhatsApp
The flaw, which works with Chromium 69, can be exploited to gain access to the files in any device. It can be used to acquire information about the victim's computer (such as operating system version), and read local files stored in the computer. Weizman also said the flaws might even allow hackers to execute code remotely, giving them access and control over the victim's computer.
These findings could help shed light on how Amazon CEO Jeff Bezos's iPhone was hacked. The retail giant chief's handset was reportedly hacked after receiving a message via WhatsApp.
Weizman's detailed report is available here.
© Copyright IBTimes 2024. All rights reserved.
-
Ukraine, Israel, TikTok: The Massive Aid Package Before US Congress
-
Eiffel Tower Loses Sparkle For Parisians Ahead Of Olympics
-
Former Number One Momota Retires From International Badminton At 29
-
Why Insurance Prices Have Skyrocketed
-
World Bank Aiming To Connect 250 Mn Africans To Energy Grid By 2030
-
IMF Says Global Debt Levels Face 'Great Election Year' Risk
-
Divisions Among Colombia's FARC Dissidents Complicate Peace Talks
-
French Far Right Gets Youthful Vibe With 28-year-old Leader
-
US Fed's Powell Says Inflation Fight May Take 'Longer Than Expected'
-
Mideast-related Oil Price Spike Threatens 'Relatively Good' Economic Outlook: IMF Chief Economist
