The Backend Engineering Show with Hussein Nasser artwork

These New WhatsApp Vulnerabilities Can Leak Images, Voice Notes, and Chat by Opening an HTML message

The Backend Engineering Show with Hussein Nasser

English - April 18, 2021 16:59 - 21 minutes - 12.4 MB - ★★★★★ - 5 ratings
Technology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: A Look into Modern Leaky Abstractions - Postgres, MySQL, HTTP/2, TCP, ORMs GraphQL, N+1, Axios, git
Next Episode: North Korean Hackers Hide Malicious Code within BMP image, Goes Undetected by AntiVirus software

Few vulnerabilities in WhatsApp for Andriod discovered that allow an attacker to send an HTML file attachment full access to the user's media, voice notes, pictures, and eventually chat messages (through TLS session resumption keys). In this video, we will discuss the scope of this attack. The vulnerabilities have been patched by facebook.

Full article from CENSUS labs discussing in detail how to carry POC attack.  https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/