Check Point Software: Fixed WhatsApp Vulnerability May Lead to Disclosure of User Data

By applying certain filters to a specially crafted image and sending it to a potential victim, an attacker could exploit the vulnerability and gain access to confidential information from WhatsApp’s memory.

Check Point Research, a research arm of Check Point® Software Technologies Ltd., a leading provider of cybersecurity solutions, discovered a security vulnerability in the image filtering function of WhatsApp, the world’s most popular messaging application with over 2 billion active users.

The vulnerability is related to the image filtering feature in WhatsApp. Image filtering is the process by which the pixels of the original image are altered to achieve certain visual effects, such as blurring or sharpening. Check Point Research found that switching between different filters on the generated GIFs caused WhatsApp to crash. Researchers identified one of the crashes as memory corruption and immediately reported the issue to WhatsApp, which assigned it CVE-2020-1910 and described it as an out-of-bounds read/write issue.

The company estimates that over 55 billion messages are sent daily via WhatsApp, including 4.5 billion photos and one billion videos.

Coordinated disclosure of information

Check Point Research disclosed its findings to WhatsApp on November 10, 2020. WhatsApp verified and acknowledged the security issue and deployed a fix in version 2.21.2.13, noting the vulnerability in its February security advisory update.

Oded Vanunu, Head of Product Vulnerability Research, Check Point Software:

“WhatsApp is used by over two billion people, which can be an attractive target for cybercriminals. As soon as we discovered a security vulnerability, we promptly reported our findings to WhatsApp, who actively collaborated and assisted in the release of the fix. Our collective efforts have resulted in a safer WhatsApp experience for users around the world.”

WhatsApp comment:

“We regularly work with security researchers to improve the many ways WhatsApp protects messages, and we appreciate the work Check Point Software is doing in researching every corner of our application. People should have no doubt that end-to-end encryption continues to work as expected and that people’s messages remain safe. This report describes a scenario of several steps that a user would have to take, and we have no reason to believe that our users are affected by this vulnerability. However, even the most complex scenarios that researchers discover help improve user safety. As with any technical product, we encourage users to update their applications and operating systems, download updates as soon as they become available, report suspicious messages and contact us if they have problems using WhatsApp.”

Security

Want to learn how to work with cloud databases and take the DP-900 certification exam for free?

Take a two-day training session from Microsoft on October 25 and 26.

From Microsoft experts, you will learn about the key principles of Azure services, proven approaches, and the specifics of working with relational and non-relational data.

Sign up for the training while there is still time.

Security

Women and minorities are more likely to be targets of cyberattacks than other people

Women are more likely than men to receive messages from unknown numbers containing potentially malicious links.

Demographics play a large role in how often people are victims of cybercrime. Low-income and vulnerable populations are disproportionately affected by cybercrime. According to the results of a poll of 5 thousand people in Germany, the UK and the US, conducted by experts from Malwarebytes, Digitunity and Cybercrime Support Network, minorities, as well as groups of people with low income and low educational level, are more likely to be victims of a cyber attack. Some groups are much more likely to face online threats.

For example, women are much more likely to receive text messages from unknown numbers containing potentially malicious links than men (79% versus 73%). Almost half (46%) of women said their social media accounts had been hacked, compared with 37% of men.

The social media accounts of Black, Indigenous and People of Color (BIPOC) are more likely to be attacked than those of white people (45% versus 40%); BIPOC populations are also more likely to experience identity theft (21% versus 15%). In fact, only 47% of BIPOC respondents escaped the financial consequences of cybercrime.

Age is also an important factor. 36% of people aged 65 and over have been victims of credit card information theft.

21% of women and 23% of BIPOC respondents experienced “significant” stress when faced with suspicious online activity.

According to the report, the statistics are linked to the overall sense of security (or lack thereof) in cyberspace. While half of all respondents do not feel secure online and 31% do not feel safe online, the numbers are different for women. Women feel the least private online (53% versus 47% of men) and the least secure (35% versus 27% of men).

Socioeconomic class also matters. People with higher incomes (51%) feel more secure online than people with lower incomes (40%). The same is true for educational attainment – users with the highest educational attainment feel more secure (48%) than those who graduated only from college (44%) or high school (40%).

Security

The United States launched a program to replace Huawei and ZTE network equipment

The US government allocated $1.9 billion for the implementation of the program.

On Monday, September 28, the US Federal Communications Commission (FCC) announced the launch of a program to replace network equipment of telecom operators in rural areas. The government allocated $1.9 billion to implement the program, Reuters reports.

The program was approved in July 2021, and applications for participation in it will be accepted from October 29 until January 14, 2022. Its goal is to remove from the networks of American telecom operators equipment manufactured by Chinese companies recognized in the United States as a threat to national security, in particular Huawei and ZTE.

Last year, the FCC recognized Huawei and ZTE as a threat to national security, thereby depriving US companies of the ability to use the $8.3 billion government fund to buy equipment from them. In December, the FCC passed regulations requiring carriers using ZTE and Huawei equipment to “dispose of and replace” it.

The requirement is a big problem for telecom operators in rural areas, which do not have the financial ability to purchase new equipment and find specialists who are able to carry out such a replacement.

The latest FCC ruling expands the program from telecom operators with 2 million or fewer subscribers to operators with 10 million or fewer subscribers.
